you are missing something
all your machines are going to talk to each other and exchange password change information - so once someone changes their pwd on one machine, it will tell all the others about the change.
Thanks for your quick reply. I feel like I am missing a lot.
But in order for what you said to work, everyone in the group users and individual users will have to change their password on at least one machine before their password is no longer the one in the user based policy? I don't want anyone to be able to log in as someone else because they know what the default password is.
Could you confirm (or deny) that what I have found about the add Local Domain Users is true (or false) - if you add an account to a system before encrypting, but do not log in, then encrypt, you will not be able to log in with this account? I am wondering if this is the design or if there is something wrong with my set up.
yes, you have to change your password before it's not the default - that's what happens in any password based system?
no, what you've found should not be true - what error message did you get?
I think it would be best if you got your professional services team back in to help you set things up properly - it would seem like they left without really handing over all the knowledge you need?
I have changed the password so it is not the default, but everyone added using group users and individual users via the Encryption Users screen in ePO will still have the password that is set in the user based policy, correct?
The error message is Error EE050002 Unknown User.
We have not been using a professional services team. Maybe we should.
the error simply means you're typing a user name not recognized by the system, so either it's not an assigned user, or you set up your AD interface to import the user using some other format of their name like lastname, firstname etc.
The user names are in the administrators group on the system and are valid accounts in AD.
If I assign a user using group users and individual users via the Encryption Users screen in ePO I am able to log in, but the accounts I added to the system before encryption (the Add Local Domain Users option is selected) give me the Unknown User Error. The account I was using to install the encryption software works fine though. When I registered the AD server and tested the connection it was successful.
AD is using samaccountname for the username and display name.
I'm not sure how you added accounts to a system prior to installing it? Usually you'd add accounts at a higher level - like an OU level for example and use the policy relationships?
the add local domain users (ie, users from the domain who have local cached profiles, NOT Local users) can only be applied after activation, because before then, how would it know who they are?
Once again, thanks for your reply.
I was referring to adding the local domain accounts to the system before installing EEPC (using My Computer / Manage on the system). After I added the local domain accounts to the system, I ran the task to install the EEPC agent and then the software. Once the hard drive was fully encrypted, I rebooted and tried to log in as one of the local domain users. I got the unknown user error. I then logged in as myself and verified the local domain users were present on the computer, forced an update on the system from both the system and the ePO console and rebooted again. I am still unable to log in using a local domain account.
The EEAgent does not seem to be collecting the currently/previously logged in domain users information and sending it to the ePO server.
You can check to see if the local domain users have been assigned to the machine. Log in to ePO:
- Click Menu
- Click Data Protection
- Click Encryption Users
- Navigate the system tree to the required machine.
- Tick the machine, then click actions and view users.
If it was added then it will appear.