This discussion has been locked.

Safeguard keeps saying user's username and password is incorrect - but not

Hi.

I have a few users lately where Safeguard is saying that their username and password is incorrect. However, when I try their password I get the same thing. I can get them logged back in and sync'd with the Safeguard server and they can log back in, but every now and again it locks them out again. Active Directory accounts are not locked.

Some of the troubleshooting I have done is:

1: Checked the last key received, last certificate received and last server contacts are all the same

2: Checked the user's status, which should be SGN user (owner)

3: Removed and re-added the certificate and sync'd with the Safeguard server. The key, cert and server contact all match up fine, user is the owner.

4: Removed the cert from the management console and got the user to add their password when they are prompted. This does not work either.

I suspect that the newer Windows versions are having problems. Some of the users are on 2004.

The version of Safeguard that is being used is 8.0.

Any assistance would be great.

Thanks,

Rob.



  • Yes, but this is dependent on policy. If you have decryption/uninstall available in the active policy then it will. Or create a policy that allows it, install this and then decrypt or uninstall if needed. If you just try to decrypt, the SSG will overpower this and just re-encrypt. This is for security - it's not a fault.

  • From the policies I can see the decryption isn't on any group policy. How would we decrypt the hard drive once applied? When building machines I would use PowerShell and use the command manage-bde -on c: This encrypts the drive. Would the reverse need to be done? Also I have noticed that out-of-the-box machines encrypt straight away. Is it worth decrypting before adding Safeguard?

  • Also where can I see what policy is applied from the client end?

  • Yes, select the client and use the RSOP tab to calculate what policies are applied to the client and in what order. Putting in a username will give you the resulting policies for that user. It can be left blank. Click Calculate. The summary of all the settings applied to that client will then be shown. The two settings you want to be looking for are "Uninstallation allowed" under Machine Settings and "Media encryption mode" in Device Protection. That said, there are other ways/settings to allow decryption but I'd start there! Personally, when I decrypt a client/remove SSG I have a configuration MSI to run locally that has a default decryption/uninstall available as the default. I have known on many occasions that despite the latest policy being applied, the client will still not apply this change. Installing the policy locally rarely fails to work!

  • Ok thanks, I will take a look. I have removed SG and decrypted the hard drive, added SG back and re-encrypted to see if that solves it. I have also noticed that there may be a bug in the 2004 OS that stops users logging in with username and password