5 Replies Latest reply on Jan 8, 2016 4:47 AM by mcvoodoo

    Can't reset password for a user for drive incryption via EPO page.

    davidgg

      For some reason the Challenger question ain't working for password reset.

       

      i've tryed all these options.

           - Unlock Disabled User

           - Reset Token

           - Reset To Password Token


      After using these options, the change for the password goes true. BUT when i try to log in... it's not working, it's telling me the password is wrong.


      thanks for the help !


      DE 7.1

      EPO 4.6

        • 1. Re: Can't reset password for a user for drive incryption via EPO page.
          jhall2

          Changes made in the ePO console must be synchronized to the client machine from Windows. To start this process, click Collect and Send Props in the McAfee Agent Status Monitor. Prior to rebooting, always check that the MDE Status Monitor shows Policy Enforcement Complete. If it shows "creating event", the policy enforcement isn't complete and the changes may have not yet been applied.

           

          If you are at preboot, no token resets performed in ePO will be applied as there is no active network stack to communicate with ePO. You will need to click "Options | Recovery" in preboot and from ePO "Menu | Data Protection | Encryption Recovery" and perform a User token reset.

          • 2. Re: Can't reset password for a user for drive incryption via EPO page.
            davidgg

            I've did try the reset token and reset to pass token... it goes true BUT we i try to log in 2 sec after with same information. It's not working as it's telling me it's the wrong password.

            • 3. Re: Can't reset password for a user for drive incryption via EPO page.
              mcvoodoo

              I occasionally get this very same problem.  I've tried removing the user from the computer in ePO, then waiting for the removal to sync to the PC, then adding the user back to the PC, but the PC seems to cache wrong password.  No amount of resetting the users token seems to actually reset the user token.

               

              I'd like a way to completely remove the users PBA information from the laptop so that I can add it afresh.  Does anyone know how to do this (I'm about to have a read up on DEtech to see if this can help).

              • 4. Re: Can't reset password for a user for drive incryption via EPO page.
                dinu007

                Hi,

                 

                Check with the credential manager whether password for encryption is stored in that or not ?

                If it is there remove from vault & then try to login.

                 

                Add another user in that laptop then delete first user & after reboot re-add the same user & try.

                • 5. Re: Can't reset password for a user for drive incryption via EPO page.
                  mcvoodoo

                  I hadn't thought of credential manager, but sadly there's nothing in there.  Thinking about it, as it's part of Windows, and DE is pre-boot it probably wouldn't.

                   

                  I remembered something I read a couple of months ago though, where the pre-boot password lockout was caused by the user being authorised on another device.  If you search for the user in DE users and remove the user from both devices, log in to the machine and wait for the user to disappear from the list of authorised users in MCAFEE SYSTEM STATUS MONITOR -> QUICK SETTINGS -> SHOW DRIVE ENCRYPTION STATUS -> SAVE MACHINE INFO... (you can speed this process up by Collecting and sending props, sending events and enforcing policies repeatedly in MCAFEE SYSTEM STATUS MONITOR), then add them back to a single device, it resets the users password in pre-boot.  I can only presume a different password from the second device is getting sync'd to the first device.  Deleting the user from both devices clears this.  This process worked for me.