1 of 1 people found this helpful
if you don't have the "must match username" option ticked, the SSO details will get set to whatever Windows reports them to be, so yes, it's entirely possible to get mismatched details stored.
It's not possible for it to set the password to anything other than the one you typed though, Windows does not know what your password is. Of course, if you, or some application is using the autoadminlogin registry keys, that can cause those details to get stored in the SSO fields as well.
Thanks for the quick response Simon! In this particular case, the safeboot account password is getting set to another windows account password, not the password I logged into windows with.... The password that is set in safeboot is taken from a local account prepopulated in the image that I haven't used to login to windows yet for some reason, safeboot decides to use that password, regardless of which windows account is used to login. It's super weird and I have a workaround but I do appreciate your response!
Windows does not know what that password is, unless you put it in the registry that is, or unless you have some other 3rd party software remembering it.
The SSO feature of EEPC just stores what Windows tells us the current user logged in with ;-)
Okay. I'm willing to bet they have it defined somewhere in the registry because in this case, it's setting the safeboot password to something other than the Windows account logged in. It's sooooooooo weird. If I can pinpoint why, I will certainly share the info. Thanks again!
check the current machine winlogon hive, or just search HKLM for the password ;-)
There is an issue with SSO when it attaches to Vmware_user or HelpDesk accounts. Exclude them by using :
This file can be used to exclude users from single-sign-on logon, e.g. VMware user
accounts can overwrite the single-sign-on even though the “Must Match the Window
user name” option has been selected.
<User name="__Vmware_User__" />
Thanks for the responses gentlemen! It's great to see you both on here helping when I know you're probably incredibly busy. I'll keep you posted. Apparently, they're forcing the local admin account/password through GP. I'm wondering if after logging in with one account, GP is applied and safeboot sees the local account get it's password refreshed although it's not the account that is logged in but safeboot somehow associates that change with the currently logged in account.... Even if that is the case, the script set by Peter should take care of it. Just confirmed it's happening on more than one machine. The only other thing is I did find some references to the local account in the registry under Symantec. I'll be investigating that as well to see if the local account in question has been tied to any services or tasks in Symantec.
Where exactly is the .xml placed so that the clients will run properly? Also is a double 'underline' required before and after the username?
In EEPC Client program folder.
No that is Vmware user name (with underscores).