9 Replies Latest reply on May 5, 2010 7:25 AM by marko25

    Disable authentication/loading keys in EEFF



      I have a configuration issue that I am really baffled about and hoped someone could help me with.


      I am currently working/testing the EEFF client on a Vista machine (with version no. I have installed and set the configuration to "disable logon" (at first restart after the installation) and disabled the inactivity to ensure it will not ask for key after set time. This works fine and I am happy with the result so far if no syncronisation is performed.


      If the user then syncronise their EEFF client with the database/server and receive their encryption key, then all is still working as expected. However when they logoff or restart and then log back on afterwards, the client will request to authenticate with the database/server within 2 min after logon, and if I press "Cancel" then it will come up again (and again) until authenticated.


      I am not sure if this is how EEFF works or whether there is an issue with my configuration, but was wondering if there is a way out of changing this, so that when the key is syncronised and user either logs out/restarts, then there will be no need to authenticate again until the key is required to be access again (via manual syncronise again)? All in all I want minimum amount of authentications/logons with Safeboot as possible!


      The current setup I am working on is Vista 32-bit client with SP2. The EEFF client is (as previously mentioned).


      Hope someone can help me!




        • 1. Re: Disable authentication/loading keys in EEFF

          it will do a logon when something tries to access encrypted data, so it all depends on what the user is doing?


          If the user is trying to access a file, or browse an encrypted location, it will keep trying to get a login until the user (or whatever) stops trying to access the file.


          You have to logon before any data can be accessed, even if it's just explorer browsing the files.

          • 2. Re: Disable authentication/loading keys in EEFF

            Thanks for quick reply.


            If the machine is encrypted with Endpoint Encryption for PC (whole C drive is encrypted), would that make the EEFF try to authenticate as well?


            Reason why I am asking is that I need to know at what point the authentication happens, as we will have users that should not have any logon prompt to the Safeboot database/server, but just use the default policy that comes with the install set (client). This would mainly to use the Self-Extractor functionality and not the encrypted file/folder option (as this will required encryption key).


            Also these machines will not have any EEPC installed, nor hard drives encrypted. Would this be a possiblity and if so, what should I set the settings to?

            • 3. Re: Disable authentication/loading keys in EEFF

              no, eeff only pays attention to files. eepc only to sectors.


              any centrally managed key will cause an EEFF auth after a key unload - so any central recovery key for example set for EEFF removable media. Any centrally managed key, or key related to a specific user etc.

              • 4. Re: Disable authentication/loading keys in EEFF

                Hi 'Safeboot'!


                Is there ANY way of not having an initial login prompt for users with only EEFF installed? If so what are the setting required?



                Thanks in advance

                • 5. Re: Disable authentication/loading keys in EEFF

                  turn off the load keys on logon option, then you won't get authentication until the first time something tries to access encrypted data.


                  but, of course, if there's something on the desktop, or some application tries to open a file, you'll get the prompt soon enough. Your platinum support person can help you with the exact settings.

                  • 6. Re: Disable authentication/loading keys in EEFF

                    I refreshed this because I have a problem with authentication after logon. I disabled " Load keys on logon" in policy but after logon EEFF client still want to synchronize with the server. I have no idea where is the problem and whot should I do.

                    I don't want to authenticate after every logon/restart

                    • 7. Re: Disable authentication/loading keys in EEFF

                      most likely you have an encrypted file on your desktop, or you didnt actually disable the option.


                      remember, if you are not using user-assigned policies, then the default one (the one you created the install set with) always applies, and never changes.

                      • 8. Re: Disable authentication/loading keys in EEFF

                        I made several tests and ...

                        I'm not sure if we understood good. I don't want to authenticate to EEFF after logon to Windows system ( domain ). I have a user who has policy with option "Load keys .." disabled. This option only give loading or not all keys after logon to  EE server possibility ( SSO) . If policy contain access to several folders which use 2 or more keys then I need 2 or more authentication with this option disabled. It doesn't affect to authentication dialog after logon to Windows system. It works in my environment  in this way.

                        Also I have other problem . When I cancel authentication then I can't access to ecrypting files in this Windows session. When I try to open those files I can't and I don't get any authentication dialog box! I must logoff ang logon again to access files. Opiton " Unload all keys ... " not help me.

                        Other observation: when computer is not connected to the network the authetication dialog not appear at logon. It looks like EEFF client discover EE server at logon.

                        • 9. Re: Disable authentication/loading keys in EEFF

                          Ok, some tests more and ...

                          I have encrypting folder on the file Server this folder is shared. when user logon to the domain this folder is mapped and then EEFF client check that folder is accessible and authentication dialog box appear ... Other user doesn't access to this folder and authentication not appear. Very strange for me . Why EEFF client checks accessibility on logon ? It should check it when I try to open file or folder.

                          when I cancel authentication on logon I still haven't possibility to access files in this session. I have to re-logon. Also very strange.

                          Is this features are correct ? Can someone to confirm interchangeably it?