The IT Analyst responsible for imaging all of our laptops is having a problem logging on after installing the SEE Management and FDE agents, it doesn’t accept the Analyst credentials after installing the agents on start-up via GPO but will accept anyone else’s.
It’s a strange problem that I have no explanation for…very annoying. The Analyst domain account is a local administrator of the machines.
Steps on build
Image laptop with Windows 7
Add laptop to the domain
Log onto Laptop with Domain login (local admin rights)
Add machine into Active Directory location where group policy for SEE packages are applied
Perform gpupdate / force and reboot – Packages install successfully
Log onto the machine at Windows screen with Domain login
Shut down and restart the computer
Use the same Domain log in credentials to access SEE screen
It doesn’t work, credentials are invalid!
Unlock the machine
Analyst then Use’s helpdesk tool (F4 option) to bypass the SEE pre-boot screen to get access back onto machine – at least that works fine!!
Analyst Logs on successfully at Windows login screen
Logs off and asks a different user to log on, this works with a standard domain user account!! (not local admin)
Shut down and restart the computer
Standard user uses the same log in credentials to access SEE screen
It works under that account!
Try again
Log standard user off to get back to Windows Login screen, Analyst logs on
Shut down and restart
Use’s the same log in credentials to access SEE screen
It doesn’t work!
I’ve absolutely no idea or explanation … I need to get to the bottom of this in case it happens to anyone else.
If I run the below command on the laptop I can see the analysts domain account is registered correctly as a windows user, attribute is set to: S for single sign on
“C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\eedAdminCli.exe” –list-users –au FDEadmin --ap Pass
Can anyone shed any light on this or give some troubleshooting steps on where I go next…..
Thanks