1 Reply Latest reply on Dec 8, 2010 3:50 PM by trekuhl

    logon banner + win7 + sleep = unauthenticated access

    trekuhl

      I opened a ticket in june with tech support on this issue and it was been pushed all the way to tier 3 by august but still no resolve. 5.2.6 was supposed to resolve it but the first release did not. and I cannot find the second release

       

      the skinny:

      -windows 7 machine on domain

      -GPO that enforces a corp logon banner telling users to behave

      -tested with 5.2.1, 5.2.4, 5.2.6

       

      scenario:

      -start machine and enter in PBA info.

      -when the windows logon banner comes up do not accept.

      -allow the machine to go into sleep mode (hibernation obviously doesnt work as you hit PBA again) in my case laptop on battery set by default to sleep after 10 minutes.

      -now wake up the machine and the logon banner will still be presented on the screen. Accept the banner and then it continues directly into windows.

       

      i found this out one day when doing my PBA and phone rang and ended up on a long call. upon awakening my lappie i found under this particular condition it would allow someone into the machine with no authentication. the issue does NOT occur in XP and it appears to have something to do with the newer credential manager in win7 (assume vista uses the same but heck, everyone skipped vista).

       

      Has anyone else noticed this issue or care to test? its been almost 6 months since ive pushed this issue up the ranks and still no answer. spent many hours with tech support trying several combinations of settings for the client and only resolve is disable sleep or logon banner. disabling sleep is better since there aren't keys obfuscated in RAM that someone could try to swipe in any of the various methods. logon banners are fairly standard in the workplace for the various legal reasons, so they are not going away.

       

      -trekuhl