I am curious: how does pre-boot authentication work with single sign-on? What is the role of PBFS in it? How does the password get synced with the domain?
Thank you!
The PBFS is the preboot file system in which all the data files are stored for preboot. Once PBA is loaded, the user authenticates using their PBA user credentials. Upon Windows loading to the Credential Provider, MDE will replay the stored Windows credentials. These credentials are different than the PBA credentials but stored with the user's attributes in the PBFS. When a password change occurs, the MDE credential provider captures the credentials and updates the user's PBA and Windows credentials stored within the PBFS.
Thank you for the response!
Please correct me if I am wrong: the PBFS files store the information which is required for preboot (like the PBA password). If we are NOT connected to the domain, and we change the password at PBA, it will be stored in the PBFS, and once we get connected, the PBFS will update the password with the domain?
No - the PBFS password is never used to change the domain password; it's the other way around - a change in the domain password will change the PBFS password.