
PGP WDE - Windows AD Password Change

Created: 05 Nov 2013 | 5 comments

I have a similar problem as this locked thread:

https://www-secure.symantec.com/connect/forums/pas...

I have a user who has several laptops. When he changes his AD password on one, the PGP boot screen does not pick up the change on the 2nd laptop after logging into Windows with the new password for the first time on the 2nd laptop.

Am I understanding correctly that the ONLY way to have password syncing work between Windows/PGP Boot screen is to use the CTRL-ALT-DELETE change password method? If so, this is really an issue for us.

The other issue we have is that our users travel a lot. Sometimes they are away, so they cannot connect to the LAN to change the password. They have to use online web password reset tools. They understand to use the old password locally until they get back into the office, and the new password to access email. However, when they arrive back at the office, everything syncs (Windows logon at least), but PGP still has the old password.

Why, when a user logs into Windows successfully, is PGP not updated with the current credentials?

Lastly, I do not have SSO enabled because I do not want automatic passthrough authentication to the desktop. I have had way too many times when users get that PGP SSO user account login error. So, I want them to enter their password at boot, and at login. But, I want those passwords to always be in sync.


Anthony_Betow's picture

Hi Spitty,

The password change with Bootguard only works with the SSO option for Active Directory. 

Sounds like you just have a passphrase user for the Bootguard.  This password would have to be changed manually in the PGP Desktop interface of the user access list.

Thanks

Anthony

spitty's picture

The user is an Active Directory user. That is where the issue comes in, they change their AD password, but the Bootguard does not get the change.

I do not use SSO option in the passphrase user config because I do not like the auto-logon feature once Windows is booted. However, even if I do use this option, the issue still exists.

Anthony_Betow's picture

For Bootguard to update with a password, you must use the SSO option for this feature to work.

If Bootguard doesn't update on the first re-boot then it will usually update on the 2nd re-boot but this is only for SSO.

For the Passphrase user, password would have to be changed manually within the PGP desktop interface.

There is no auto-sync for the passphrase user, if you want auto-sync then SSO is the only option.

Thanks,

Anthony

 

spitty's picture

Is there any way to enable SSO, but disable the automatic logon? Regardless, even with the SSO enabled, I still get the same issue. Even after several reboots, the password is not synced back to the boot screen. When this happens, the PC tries to login with some "PGP SSO" user account, and then fails. This really annoys the end users, especially when they are on the road.

Anthony_Betow's picture

Hi Spitty,

Here is the article to disable the auto-login feature:

http://www.symantec.com/business/support/index?page=content&id=HOWTO42010

Hope this helps.

Thanks

Anthony