Disable SSO function
|Article:TECH168502|||||Created: 2011-08-31|||||Updated: 2012-07-19|||||Article URL http://www.symantec.com/docs/TECH168502|
PGP Whole Disk Encryption includes the Single Sign-On (SSO) feature. It synchronizes the PGP Whole Disk Encryption authentication with the one required by Microsoft Windows when a user boots a computer. Once a disk or boot partition is encrypted, the next time the user starts the system, the PGP WDE BootGuard screen appears immediately upon startup. Logging in at this point also logs the user into the Windows session. The users does not have to log in twice.
This article details the steps when you do not want the current user to use SSO function anymore.
For new enrollment and on an unencrypted machine
The PGP WDE SSO feature can be disabled by choosing the option: "Deny encryption of disks to existing Windows SSO password" on the Disk Encryption tab of the PGP Desktop Settings for any consumer policy.
For current SSO users
1. On PGP Desktop, then click PGP Disk > Encrypt Whole Disk.
2. Click New passphrase user then select Create new passphrase and click Next.
3. If prompted for passphrase, enter the current passphrase (Windows password).
4. Reboot the computer and use the new passphrase.
5. After logging on to Windows, open PGP Desktop again and select PGP Disk.
6. Choose the SSO user and click the Delete user button (placing the mouse cursor over a user name will show you if it is a Single Sign-On user or Passphrase user)
7. Reboot the computer and it will no longer use the Single Sign-On feature.
Article URL http://www.symantec.com/docs/TECH168502