This content has been marked as final. Show 15 replies
Is this on windows xp or vista?
We currently have the same issue. When we originally deployed SafeBoot (Build 5140) the SafeBoot password would be synchronized to the new Windows password during a manual password change in Windows. This stopped working for some unknown reason and now SB and Windows passwords only synchronize on Windows logon. I haven't had the opportunity to research this issue yet but if I find anything I'll be sure and post.
On machine properties, make sure that these options are checked...
- SafeBoot logon component always active
- Set SafeBoot password to Windows password
- Must match Windows user name
This should make your SB password update whenever they change their Windows password from a SB installed workstation (using normal password change).
This may not however update their SSOPassword until the user logs in the next time, where SB will "learn" what their Windows credentials are (ID, Password, Domain).
Don't kill me if the information is not perfectly accurate. We just recently converted from 4.x to 5.x, so my 5.x knowledge may be incomplete.
ah... password sync.. to make the issue worst... some of our users have multiple account... when they change password, they will log off windows and log back in to change others... in result... SafeBoot will not pickup the password where the user ID is different from Windows....
PS: due to some reasons, I am not "allow" to use "Require SafeBoot Logon" or "Require SafeBoot re-Login" options...
So, to "fully" solve your problem, you need to enable pretty much every option in Windows Option under Machine Properties... grin
I have tried having all of the Windows Options on.
Same result really.
But from what you guys are telling me, seems that the SSO password is only ever updated when it sees the Windows login box.
So inevitably, if a user changes the password in Windows, and then re-boots - the SafeBoot login screen will require the old password (as SB has not seen the Windows login box just yet).
Hmm might have to check out B5400..see whats new.
To verify if a users windows password has been captured after a windows password change, do a sync and look for
10/20/2008 3:37:50 PM Updating database SSO info with local changes for user (ID=00000114)
If you do not see that message, safeboot did NOT capture the password during the password change.
If that is the case, lock the workstation via ctrl alt del and unlock it, providing the new windows password.
Sync again and this time you SHOULD see the message from above. If you still don't see it, you are probably going to have to do a reboot and go through the windows login screen to get the password recaptured.
Note: On Vista, I have not had safeboot be able to capture the windows login from the login screen. It has only worked on a lock / unlock of the workstation.
Note: If you change the password on the domain through AD Users and Computers (ie NOT on the local workstation) or other method, you should also go into the safeboot admin console, right click on the user, select 'Set SSO Details' and select clear. This will force safeboot to forget the previously cached credentials which contains the old windows password.
for vista SSO, you also need to make sure you check the box "require safeboot logon" under the general/windows logon section.
SafeBoot should synch the password with the SbFS when you change your Windows password. This works in my environment both at a logon password change and at a CTRL+ALT+DEL password change. Are you using the MSGINA (Windows GINA) or are you using some other vendor such as Cisco or Netware?
Using standard Windows GINA here.
Anyway given up for now. We are forcing users to login twice.