This is an age-old question for this product. There are also multiple ways to approach this issue. The easiest is to have them change the password with the Windows change password dialog. As long as you have SSO configured, this will also change their Windows password. You could also script the EE password change using the CLI.
Yes, I know I can do it on the command line, but the fact is that I am trying to reduce the number of calls to the help desk, because no matter what I do, they are going to continue doing it, and manual intervention is required. I was trying to find an automatic way to solve this issue.
Users do not understand. They either change their encryption password thinking this will change their network password, or they change their network password and disconnect the laptop before it syncs.
Is there any other way?
The closest thing is EEPC SSO, but you will have to live with problems that SSO produces.
Windows and EEPC have different requirements for password change. I doubt you will ever solve it, unless you make McAfee or MS modify their approach on how to change and recover user passwords.
I just submitted a product enhancement request to add an option to somehow send an LDAP command when a user changes their endpoint encryption password.
As soon as the user enters the password and presses Enter, an LDAP command would be executed to change the AD password, which can very easily be done.
Don't you need to know the old password to change the current AD password? What happens if the domain is offline? What happens if the user changes their password in the pre-boot screen?
Safeboot, please answer your own questions.
I have found the solution to my SSO problem.
I have disabled the ability for users to change their password on the McAfee Encryption screen, forcing them to use the Windows change password screen.
This prevents users changing their encryption password thinking they changed their AD password. Now, the only way they can change their password would be through Windows.
I still have to make sure they do a sync or they will still have a problem.
I have a new question now. How do you gray out the change password option on the McAfee login screen?
And second, how do you force a sync immediately after they change their password?
By disabling the change password option we solve most of your questions. Now, if they are off the domain and the 120-day timeout expires, they just have to call in anyway.
Can the change password button be grayed out on the login screen? I want to prevent users from changing their password there, because it is causing us problems. Users do not understand that changing the EEM password will not change their AD password.
Please let me know if the option can be greyed out...