I'm assuming this feature sets the Mcafee Pre-boot password to whatever the Windows Password is. We've been doing alot of testing and so far this doesnt work. We have SSO turned on.
Here is how we are testing. I assign a new user to a pc. I wakeup/sync and reboot the machine. I log in pre-boot with the newly assigned id. I'm instructed to set a password, I do so. (It's different then my Windows password). Windows boots and I am auto-logged in. I can get to network resources, everything looks golden.
BUT (and its a big but) , When I reboot the pre-boot password is still what I originally set it to. It didnt sync with Windows. Even when we run an LDAP sync. Still doesnt work change the preboot password.
I'm I misunderstanding how this works ? Any insight would be appreciated.
Justinon 2/9/12 1:19:55 PM CST
In the instances where I have seen that the EEPC pre-boot password does not match Windows password it has been a matter of timing. (i.e. not enough time had passed to allow the client to synchronize the change with the EPO server.) I am somewhat confused when you say that you set your EEPC pre-boot pw to something other than your Windows password and it automatically logs you into Windows. When I do this it fails to log me into to Windows and makes me sign in to Windows with a valid pw.
Jickfoo I have the exact same issue; this cannot be coincidence. We are running EEPC 6.2.
Add a user to system via ePO. Logon to system PBA for the first time using correct username, but enter a PBA password that different to the domain password. System boots up fine and into Windows. Leave the device with 2 hours (we have policy to update every hour), reboot system, trying logging on with domain password as it should have syncronised, but it does not work. Enter original PBA password and it logs on PBA fine and then into Windows fine. It appears that the Windows/EEPC syncronastion is not working.
It does not sync by virtue of a login - something has to happen, like a Windows password change, to force a sync.
Also, the sync happens immediately and locally - there's no time delay. It may take time for the change to be passed to other machines, but on the machine you changed your password on it takes effect right then and there.
Do a Windows password change, and you should see the pre-boot password change straight away - if not, most likely you have some third party credential provider installed, like a VPN, which is blocking the passthrough to EEPC - you'll need to either disable it, or get that vendor to fix their passthrough functionality.
Hi Safeboot, I have checked and the machine does not have VPN client installed. I have just tried again with the following process:
Laptop on the network
Ctrl+Alt+Del and change password
Enter new password in PBA
PBA logon failed
Use original password and PBA is succesful
Windows logons on SSO fine.
It appears that password syncing is broken on EEPC 6.2.
It works for tens of thousands of other users ;-)
There are a few things - maybe your admin has not turned that feature on, maybe you have a 3rd party credential provider you don't know about, maybe when you installed, something blocked the configuration in the registry of the network provider which captures these events, maybe your new password is incompatible with EEPC (content rules, history rules etc).
There are lots of potential conditions, but it DOES work for many other people
I am the McAfee ePO admin and the feature is turned on. There is no other 3rd credential provider. Password is compatible as I have not setup any password rules.
As it is working for tens of thousands of other users I will raise a support call with reseller to investigate further.
Looks like me and jickfoo are just the unlucky ones.
Done further testing in our enviroment and the password syncing works fine our Windows 7 32/64bit laptops. Problem seems localised to our Windows XP SP3 devices. I have raised a support call with our reseller.
XP3 uses GINA, so take a look in the registry and make sure the network provider is inserted properly.
this article might help - https://kc.mcafee.com/corporate/index?page=content&id=KB66709&actp=search&viewlocale=en_US&searchid=...
Most likely something is wrong with the network provider stack on your XP3 machines.
Following extensive troubleshooting I have identified the cause of the problem for us.
It appears to be that is a conflict between the Intel Network Controller software (v13.5.0) and the Broadcom NIC driver on our HP 6510b laptops. Removing the Intel Network software using Add/Remove programs and then re-install the Broadcom NIC driver (v220.127.116.11 b57xp32.sys) from within device manager, followed by a reboot, resolved the issue.
Thanks again to Safeboot for his input.