The AD connector is not involved in password sync, only user accounts.
Yes, you can use the API to set the password (if you know it, or can get the user to type it).
While the sync doesn't happen at the connector level, you shouldn't need any reboots for it to notice the new password or even the existing password for first time users. It should work like this if you have SSO set up properly:
1. User has generic first time password, by default it's 12345
2. User enters username/12345 at Pre-Boot Auth Window
3. User is dumped at Windows login screen and enters true AD password
4. SafeBoot silently realizes that the password needs to be in sync and matches them
5. Next time you reboot, your SafeBoot password should be your Windows password
My issue is not with the connector or the password at this point anymore, it is with the reboots. Is it possible to sync a password changed by using the 'Ctrl+Alt+Del' combination to the local Safeboot DB immediately instead of rebooting twice?
Essentially, when I say rebooting twice, I mean the below steps:
Assumptions: Old Safeboot password is A, Old Windows Password is B, New Windows Password is C.
Action1: User changes his windows password via 'Ctrl+Alt+Del'
Action2: Windows Password changed from B to C. Next action Reboot.
Reboot1: User presented with Safeboot logon & submits password A as C will not work.
Reason1: (Win password not passed to SB)
Action3: User authenticates to safeboot GINA successfully.
Action4: Safeboot GINA tries to present the Windows credentials automatically but fails as it is using password A.
Action5: User presented with Windows logon again.
Action6: User enters password C
Action7: User authenticates successfully to Win MSGINA. Next action Reboot.
Reboot2: User presented with Safeboot logon & submits password C as A will not work.
Reason2: Win password passed to SB now.
Can Reason2 be achieved by avoiding Reboot1 & Reboot2?
Hope this explains my situation a bit clearly.
The password is changed locally as part of a Ctrl-Alt-Del event - it requires no sync at all.
I'm not sure what you are doing, but most likely you can work it out through the token data events in the client log. Possibly the time is out within your environment, and the token data is flowing the wrong way.
Of course, this all assumes you have all the Windows login options set right.
You should not have to reboot twice. What do you have checked/unchecked on the General tab of the properties of the machine that you're testing with under Windows Logon and Miscellaneous?
Also, are you using the normal Windows XP GINA, or are you running something else?
I haven't changed anything on the Windows login options and did not tamper a bit with the Win MSGINA. I can't attach a screenshot :( for you to check as well.
I don't want to make this very confusing to understand, but I hope you have understood the above steps I have mentioned and what I want to achieve.
You need to tick some - at least the ones for password sync.
Perhaps you can call your platinum support team and get them to help you?
Could you list what you have checked/unchecked on this screen?