Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 5 subscribers
  • Views 16317 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Challenge Response

ia-hawk-fan07

Hello we are noticing on Sophos Safeguard Easy 6.0 something that we do not think is right. When doing a challenge response the user is only logged in past Sophos. They are then stopped at Windows to log in. Since the user can not remember their password they are not able to log into Windows. Also since they are not being asked to change their password they are not able to go any further. It seems like we are missing a setting either in Windows or Sophos just not sure what it might be. Any help would be appreciated.

:28985


This thread was automatically locked due to age.
Parents
  • 0

    Hi Chris,

    We are currently working on getting Local Self Help turned on for our field force. However. There will still be times when Local Self Help is not set up and the user will need a password change. Either because they forgot it or they just are having some other issue. Our field force is disconnected so we can not use AD to reset a password. I think this is where challenge/response really falls short. There should be an option to log in thru both Sophos and Windows to get to a point where a user could change the password. Or even have the option to force the password change to sync back to Windows.  Even more so when we are talking about disconnected users, like the ones that would be using Safeguard Easy.

    What is even more upsetting is that in the Policy Editor--->Recovery--->Help file it states that you should hand out Admin log in account info to get around this. For a security company that seems highly suspecious. When would that ever be a good suggestion?

    Sorry I do not trying to be mean, but this is creating a large security gap for us that I need to get figured out or have a very good work around.

    :29039
Reply
  • 0

    Hi Chris,

    We are currently working on getting Local Self Help turned on for our field force. However. There will still be times when Local Self Help is not set up and the user will need a password change. Either because they forgot it or they just are having some other issue. Our field force is disconnected so we can not use AD to reset a password. I think this is where challenge/response really falls short. There should be an option to log in thru both Sophos and Windows to get to a point where a user could change the password. Or even have the option to force the password change to sync back to Windows.  Even more so when we are talking about disconnected users, like the ones that would be using Safeguard Easy.

    What is even more upsetting is that in the Policy Editor--->Recovery--->Help file it states that you should hand out Admin log in account info to get around this. For a security company that seems highly suspecious. When would that ever be a good suggestion?

    Sorry I do not trying to be mean, but this is creating a large security gap for us that I need to get figured out or have a very good work around.

    :29039
Children
No Data
Unfiltered HTML