This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Safegaurd and Windows control userpasswords2 command autologin issue

Hello! We have some common area laptops that we have set to autologin to a generic local account. These machines are not on the domain. They are running Win7 x64 Ent. Sophos Safegaurd and Encryption 5.5xxx

I have setup the autologin with the windows built-in ability:

1. CMD as admin

2. "control userpasswords2"

3. select user, remove checkbox from "Require password to login"

4. enter that users credentials

5. Windows now automatically logs in as that user upon startup

After I install sophos safegaurd encryption, the follow symptoms occur:

1. Windows still auto logins, but a static sophos login window appears on the desktop and requires the password for that user to be entered again. This defeats the purpose of skipping the password prompt at startup. I do not want to distribute the password of this account to those who use it becuase the laptops are setup like a Kiosk, One Purpose/program, otherwise locked down machines.

2. If I log off, I see the user account twice on the user selection screen:

  - (Windows)UserAccount_A

     -Manual or automatic login to this selection triggers the secondary sophos login prompt at desktop

  -(Sophos Safegaurd Lock Logo)  MachineName\UserAccount_A

    -Manual Login to this account does NOT prompt again for sophos login

So, Is there a way to either:

1. Login to the windows account and bypass the secondary sophos login

2. Or Setup an automatic login to the User account with the sophos lock symbol

Any Help is appreciated. Thank You.

:35671


This thread was automatically locked due to age.
Parents
  • Hi stapler,

    the additional SafeGuard login mask that appears when using the Windows Credential Provider is called Authentication Application and is required to connect the Windows User to his SafeGuard account (for encryption keys etc..) when the POA is disabled.

    As it sounds like as if you don't need the authentication, you could use a SafeGuard system policy to completely suppress the authentication request.

    The system Policy comes with the install sources and is located in the Tools folder. It is called Disable_InsistOnSGNAuthentication.xml.

    The installation of the system policy is explained in the documentation, please find an extract below:

    1) In SGN MC/SGE PE | Tools | Options | Company Certificate, click the button 'Sign File for Policy Cache'

    2) Browse to the file, click "OK" and the SGN MC/SGE PE will create a new file called Disable_InsistOnSGNAuthentication_signed.xml.

    3) To apply the system policy to the SafeGuard client machine, the signed system policy (Disable_InsistOnSGNAuthentication_signed.xml.) can now be copied into the client's Import folder in the LocalCache:
    - For Windows XP, Windows Vista, Windows 7: %ALLUSERSPROFILE%\Application Data\Utimaco\SafeGuard Enterprise\Import

    Reboot the SafeGuard Client machine to apply the changes.


    Side note: Automatic logon to the SafeGuard Credential Provider (as requested in 2) is not allowed.

    Cheers,
    Chris

    -- Edit: Removed typos ..

    :35769
Reply
  • Hi stapler,

    the additional SafeGuard login mask that appears when using the Windows Credential Provider is called Authentication Application and is required to connect the Windows User to his SafeGuard account (for encryption keys etc..) when the POA is disabled.

    As it sounds like as if you don't need the authentication, you could use a SafeGuard system policy to completely suppress the authentication request.

    The system Policy comes with the install sources and is located in the Tools folder. It is called Disable_InsistOnSGNAuthentication.xml.

    The installation of the system policy is explained in the documentation, please find an extract below:

    1) In SGN MC/SGE PE | Tools | Options | Company Certificate, click the button 'Sign File for Policy Cache'

    2) Browse to the file, click "OK" and the SGN MC/SGE PE will create a new file called Disable_InsistOnSGNAuthentication_signed.xml.

    3) To apply the system policy to the SafeGuard client machine, the signed system policy (Disable_InsistOnSGNAuthentication_signed.xml.) can now be copied into the client's Import folder in the LocalCache:
    - For Windows XP, Windows Vista, Windows 7: %ALLUSERSPROFILE%\Application Data\Utimaco\SafeGuard Enterprise\Import

    Reboot the SafeGuard Client machine to apply the changes.


    Side note: Automatic logon to the SafeGuard Credential Provider (as requested in 2) is not allowed.

    Cheers,
    Chris

    -- Edit: Removed typos ..

    :35769
Children