HP,Altiris Group

  • 1.  How to restrict Disabled users from login

    Posted Oct 26, 2012 10:10 AM

    Hi,

    We are using PGP Universal server 3.2 and configured WDE .

    Multiple users login to the same system on shift basis.

    In PGP Desktop we have created users who login to the respective systems.

    Issue:

    Even after disabling the user in Active Directory, if we try to login in to the system with the disabled username from PGP BootGuard , the system is booting and user is able to login.

    Only after logoff, next time it is not allowing to login.

     Please let me know if we can clear cache for login or any other method to avoid logins from disabled users.

     

    Thanks in advance.

     

     

     



  • 2.  RE: How to restrict Disabled users from login

    Posted Oct 26, 2012 11:50 AM

    You will need to decrease the time in which policy is refreshed.  Policy refreshes happen by default every 24 hours, or automatically when PGP Desktop starts - which is why after the next logoff they are no longer able to log in.

    Depending on the size of the organisation, change the policy refresh accordingly, it can be set to as low as 5 minutes (off the top of my head)

     

     



  • 3.  RE: How to restrict Disabled users from login

    Posted Oct 29, 2012 12:53 AM

    I have configured the policy "



  • 4.  RE: How to restrict Disabled users from login

    Posted Nov 07, 2012 09:15 AM

    OK.I think i understand the problem here. PGP BG is using stored cache to login to the system. After you disable that user in the AD, it only gets updated the next time you login. You want this to be updated without logging off the system?

    If that is correct, this is due Windows implementation of how it sync user credentials with the AD.  Although it shouldn't work, try gpupdate.

    I'll get back to you with more on this.

     

     

     



  • 5.  RE: How to restrict Disabled users from login

    Posted Nov 15, 2012 11:33 PM

    Log-off  option is removed from users system as this one of the project requirement. Users can only shutdown systems.  

     



  • 6.  RE: How to restrict Disabled users from login

    Posted Nov 16, 2012 03:44 AM

    Just to confirm does it work if you run gpupdate /force ?



  • 7.  RE: How to restrict Disabled users from login

    Posted Nov 22, 2012 12:19 AM

    When we run gpupdate /force, the message will be displayed as press "ctrl-alt-del" in the task bar. 

    If we press  "ctrl-alt-del" it works and user will not be able to login.  But nobody will follow this and as per compliance, this is not suggested.



  • 8.  RE: How to restrict Disabled users from login

    Posted Nov 22, 2012 12:59 AM

    Oh! Thanks for the information. I thought you have to format the settings and refresh it.