4 Replies Latest reply on May 13, 2013 3:56 PM by SafeBoot

    Force EPO password sync


      I noticed in some screenshots of previous versions of EE on windows XP there was an option to synchronize the client password with ePO.


      Is this a feature that can be implemented in the latest EE under windows 7?


      Are these the only two scenarios where mcafee updates the PBA password?

      1. A user changes their AD password using CTRL+ALT+DEL
      2. Single Sign On from pre boot authentication fails




      Also, if I change a users password in AD, and set the option to require them to change it at next login, will McAfee pick that up as a password change to update the PBA login credentials??




      Message was edited by: lewiss on 4/23/13 9:33:38 PM CDT
        • 1. Re: Force EPO password sync

          I'd be interested in seeing this too...I need to have SSO turned off (and as such windows password sync turned off) due to incompatibilities with Imprivata OneSign, so having a way to force EEPC/EPO password sync's would be great.


          At the moment, if i change password at pre-boot, most of the time it will sync my password up to ePO, and when encrypting a new device it'll have my updated password...

          On other encrypted devices that are connected to the network, it will also usually update my pre-boot password to match too... However this doesn't always happen & these devices will be stuck with my old password...

          • 2. Re: Force EPO password sync

            Not sure what option you are thinking of - can you share a screen shot? The functionality is the same between all the versions though.


            Yes, you are right about the times eepc will sync the windows password into the preboot.


            If you change the pwd in ad, it won't cause a change on the client until the user has to renter their creds after a failed sso - with cached creds this could be some time later. If you tag the user with a change password request, it will happen as soon as they change their password.


            Eepc can only see events which happen on eepc protected endpoints.

            • 3. Re: Force EPO password sync

              Here is a shot of what I was thinking of.



              • 4. Re: Force EPO password sync

                Ah! All that's handled by the McAfee agent now for all products. Look up "collect and send props" in kc.mcafee.com - there are lots of articles.