4 Replies Latest reply on Sep 21, 2011 1:22 PM by ecardanha

    EEPC User Password Management

    ecardanha

      I know EEPC maintains a seperate user/password to deploy down to a PC for Pre-boot authentication. 

       

      Just trying to figure out how that content gets updated? 

       

      I have been seeing it more and more recently that on deployment of the EEPC to a machine that the

      passwords on machines don't always match up till I perform a sync, reboot, and then sync and reboot

      again.  I have users that are setup and working on a current machine, I then define them as a user to

      a new machine, the EEPC gets loaded into PBFS, I reboot, and try with the current password that functions

      on another EEPC Machine and it fails, and then I try their previous password and it accepts it, I logon to

      windows do a Collect and Send Props to sync back up and reboot and then the current pasword is back

      to functioning with no interaction beyond the sync.  Does the package deploy with a offline database with

      users and passwords and where does that list come from that seems to be stale on first sync, and requires

      a reboot to get it current again.

        • 1. Re: EEPC User Password Management

          no, there's no credentials in the instal package - they are transfered during a policy update.

           

          It make take a while for the machines to sync everything together - as the machine where you changed your pw has to upload it to EPO, and the other machines have to download it. Depending on your ASIC interval, it could take anything from 20min to a few hours or more.

          • 2. Re: EEPC User Password Management
            ecardanha

            Where would the current password content be kept for the local preboot credentials that it would deploy to a PC is that on the ePolicy Server? 

             

            The biggest part that I have seen is I'll logon to a machine that currently has EEPC deployed with current credentials, and then a few days later deploy the product to a new machine that has never had EEPC on it and after the task that loads the EEPC and and then policy enfortcements occur and it installs the PBFS and then I am required to authenticate it reverts to a previous password that in some cases can be 30 or 60 days old and so far I have seen that on a consistant basis, which at times causes me to need to do a recovery (if I can't remember the old password) so I can do a boot once process and then I can get back in and run a Collect and Send Props, and then the credentials sync back up and on a reboot can get back in with current credentials.

             

            The process seemed to run correctly in 6.0.2, then updated to 6.1 that seemed to get unreliable but just started deploying the update to 6.1 Patch 1, not sure if it has smoothed out yet.

            • 3. Re: EEPC User Password Management

              what you're saying does not align with the product design - for you to deploy and have one password, then do a collect and send props and suddenly get another would imply that the password just changed within EPO - there's no "deployment password" and "current password" properties that I know of - it's all the same.

               

              you might want to log this with your platinum support person if 6.12 does not stabalize things, as I don't know of anyone else getting this exact behaviour.

              • 4. Re: EEPC User Password Management
                ecardanha

                Ok that is how I thought the product was designed to function that once the password was defined in the ePO user table it should be deployed the same across the board.  6.1 was giving me the results I mentioned above.  I just started getting the 6.1.1 rolling out so I will certainly give it time to see if the issue goes away.  When is 6.1.2 meant to roll out to the public?  I am also still using ePO 4.5 Patch 4 Hotfix 1, could this be an ePO issue causing the sync to not happen as designed?