6 Replies Latest reply on Apr 13, 2011 2:24 PM by dcaranfa

    Windows 7 SSO



      I've been going crazy trying to get SSO into Windows 7 to work with EEPC 5.2.8 (eem managed).  I setup everything as suggested for SSO and Vista/Win7, but EEPC was never picking up the AD credentials.  I had to keep using 12345.  I'm using Server 2008 AD and I've setup a sync between EEM and my AD to pull in user accounts.  In any case, as a shot in the dark, I tried logging into Windows using the user's fully qualified domain name (username@domain.domain.tld), rather than the old domain naming convention domain\username and this worked.  Is this a known "requirement" for EEPC to pickup the user credentials?  It's the same user profile in windows regardless of how you sign in.  However, the username's that were sync'd to the EEM are in the FQDN format. 


      Just want to make sure this a real requirement and that I'm not just imagining this.  Thank you.

        • 1. Re: Windows 7 SSO

          The user name in windows has to match the one used in eepc if you have the machine general policy "must match" turned on?


          If you turn it off thn it won't care if the users names match or not.


          Did you mean to create your users with fqdns?

          • 2. Re: Windows 7 SSO

            The users's were automatically sync'd from AD in the FQDN format.  Maybe I should just turn off the the "must match" requirement?  I'm not sure how the EEPC account gets linked to the correct AD account then.

            • 3. Re: Windows 7 SSO

              Whoever the first windows user to login after a Pre boot login will get linked, that's all there is to it.


              How are you creating the users? Whoever set that up picked upns, the default is always the SAMAccountName.

              • 4. Re: Windows 7 SSO

                The who in this case is McAfee as the default settings were selected in the AD Connector.  Here are my Connection manager settings:




                • 5. Re: Windows 7 SSO

                  Oops. I thought that was changed in the product some versions ago! My mistake. I guess the implementation team were just changing it for customers when they went on site.


                  Anyway, the name format has to match if you want to use the "must match option". If you turn that off, then you can have user "simon" linked to windows creds for "administrator"' or whatever you like.

                  1 of 1 people found this helpful
                  • 6. Re: Windows 7 SSO

                    in case some else runs into this, this was all caused by me not using the correct client file settings.  Here are the steps I missed:


                    1. In EEM go to the System tab
                    2. Right click Endpoint Encryption File Groups and choose Update file groups.  This apparently loads the files into EEM from the file system.
                    3. Under the Machines tab, open your machine properties or machine group properties if the machines are managed at the group level.
                    4. go to the Files area
                    5. Make sure you have EEPC52 Option:  EE Password Change Notification Plugin Files, EEPC52 Theme213:  EE for PC McAfee Theme, EEPC52: EE 5.2.8 Client Files selected.
                    6. Update your installation set and deploy.


                    Somehow I didn't have the right set of client files available to be deployed to my machines.


                    This resolved the problem for me.