3 Replies Latest reply on Mar 27, 2012 8:59 AM by SafeBoot

    EEPC SSO issue + default pass

      Hi everybody,

       

      I want to ask you for help with Pre-Boot login, especially with Single-Sign On. I set All disks encryption . My EEPC policy on Log On Tab is followed:

       

      Enable automatic booting - disabled

      Do not display previous user name at log on - enabled

      Enable on screen keyboard - enabled

      Add local domain users (and tag with EE:ALDU) - enabled: Add all previous and current local domain users of the system

      Enable Accessibility - disabled

      Disable pre-boot authentication when not synchronized - disaled (unchecked)

       

      Enable SSO - enabled

           Must match user name - enabled

           Using smart card PIN - disabled

           Synchronized EE password with Windows - enabled

           Allow user to cancel SSO - enabled

      Require EE logon - disabled

      Lock workstation when inactive - enabled (after 10 minutes)

       

      As for UBP, token type is password only, default password was chenged and is used, password history are is disabled, also prevent change. Self-Recovery is enabled, NO. of invalid attempts is set to 3 and 3 recovery questions are used.

       

      Another settings are not important in connection with my issue (I think so. But I can specify them if anyone wants)

       

      Now , my problem. SSO in Pre-Boot authentification behaves strangely. Synchronization with Win password doesn't work. For example, when I change password in Pre-Boot (synchronization with Win password is turned on), I am logged directly to Windows. After restart is same situation. Pre-Boot ignores sync and log me with his password diectly to Windows.

       

      Another problem is first authentication after installing and activation of EEPC and when encryption starts. At this point, I restart PC, in Pre-Boot authentication enter user name (obtained from LDAP), but then EEPC doesn't aply default password (12345) but he want only my Pre-Boot password (which I created earlier on this machine. But EEPC was completely uninstalled from this machine). I tried many variants but with no success.

       

      Please, can you tell me what I do wrong ?

       

      Thanks

       

      Jan

        • 1. Re: EEPC SSO issue + default pass

          first, please tell us what product/version you are using?

           

          Now , my problem. SSO in Pre-Boot authentification behaves strangely. Synchronization with Win password doesn't work. For example, when I change password in Pre-Boot (synchronization with Win password is turned on), I am logged directly to Windows. After restart is same situation. Pre-Boot ignores sync and log me with his password diectly to Windows.

           

           

          Yes, this is to be expected - the sync is Windows>EEPC, not the other way around. If you change your pre-boot password, you just change the pre-boot password. Nothing else. EEPC still knows what your actual Windows password is.

           

          Another problem is first authentication after installing and activation of EEPC and when encryption starts. At this point, I restart PC, in Pre-Boot authentication enter user name (obtained from LDAP), but then EEPC doesn't aply default password (12345) but he want only my Pre-Boot password (which I created earlier on this machine. But EEPC was completely uninstalled from this machine). I tried many variants but with no success.

           

          The password is sent to whatever management system you have, and reflected to every machine your account is allocated to - it's not a "machines specific preboot password" - it's enterprise wide.

           

          Once it's set somewhere, it will get propageated everywhere.

           

          Message was edited by: SafeBoot on 3/22/12 11:23:03 AM EDT
          • 2. Re: EEPC SSO issue + default pass

            Thank you for answer. I have the newest version 6.1.3.7409862

             

            I want to ask another question. Where Pre-Boot passwords are stored ? Are they encrypted ? Can not anyone steal them and use at stolen laptop ?

             

            Thanks

             

            Jan

             

            Message was edited by: jan.ramone on 3/27/12 2:23:36 AM CDT
            • 3. Re: EEPC SSO issue + default pass

              in the pre-boot file system, encrypted with the user key. If you steal a laptop the pre-boot password protects everything.