cancel
Showing results for 
Search instead for 
Did you mean: 

Preboot password not syncing after password change (CTRL-ALT-DEL)

One particular user, who is remote for a few weeks, is not able to get past pba without recovery.

Drive Encryption 7.1.1

Win7

SSO

Chain of events:

User changes password with ctrl-alt-delete.

Password change detected and logged in epo.

Person goes home.

Person forgets password.

I recover to get past preboot, have them log into a local account, start vpn and fast switch and log in with a temporary password I set for them.

Ctrl-alt-delete again to change password

NO 'Password change' logged in epo. User cannot successfully preboot.

So, if I am reading all the forums right - preboot *should* update de password on a) failed SSO login or b) C-A-D password reset

a) Is not happening I assume because I am recovering and sso cannot be triggered

b) Is not happening because?

Collect/Send Props, Enforce policies, etc all seem to work. No apparent connectivity issues between vpn device and epo.

Yes, the eventual solution may be DE 7.1.3 but am hoping for a quicker fix.

5 Replies
McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Preboot password not syncing after password change (CTRL-ALT-DEL)

This is the expected behavior. The user must be authenticated in PBA for a password sync to occur. This is documented in KB78474 - "Unable to authenticate at preboot after changing the password in Windows".

To workaround this behavior in the future, perform an administrative user recovery and reset the users token allowing them to reset their PBA password first and loading their user a PBA. Once in Windows, no any password change at Ctl + Alt + Del will by synchronized to the PBA user.

Re: Preboot password not syncing after password change (CTRL-ALT-DEL)

Reset token, got it.

Any idea if this is true even with MDE 7.1.3 and the periodic password sync?

Highlighted
McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Preboot password not syncing after password change (CTRL-ALT-DEL)

Yes, this is the same behavior with 7.1.3. You must have a user logged into PBA for the PCDC functionality to work. It verifies the users LastPassSet AD attribute against the token timestamp. Without a user loaded into PBA, there is no token timestamp to verify against.

However, once the user has authenticated at PBA, if the password is changed in a way in which MDE cannot capture such as within AD or on another system, the PCDC functionality will detect the password change and request the user lock and unlock their system to update their preboot users credentials.

Re: Preboot password not syncing after password change (CTRL-ALT-DEL)

I don't. Know!

Re: Preboot password not syncing after password change (CTRL-ALT-DEL)

Not sure

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community