This discussion has been locked.

Active Directory

I currently have Sophos Safeguard Enterprise for laptop encryption. We will be beginning a 120-day password change in a few months. Currently I do not sync with Active Directory and wanted to know if I should turn that on, or what issues I may run into with password changes and what effect that will have on our current environment.



  • Hi,

    Accounts used to authenticate in the POA (the initial log in screen when booting the device) are separate accounts to those you use to authenticate in Windows. The username and password are kept the same so that the user only has to enter one set of credentials. Effectively Safeguard sends the credentials entered in the POA to the Windows log in screen to automatically log the user in. If a password is changed in Windows it will not change in the POA unless the password change was made on the encrypted laptop.

    If the passwords get out of sync (for example if the user changes their password on another machine) they will need to enter their old password in the POA and then their NEW password in the Windows log in screen. They are then usually prompted for their old password by Safeguard again. Once this has been entered the user can synchronise their laptop and the POA should accept their new password.

    Even if you synchronise with Active Directory it won't update any passwords you have stored on individual laptops. All it will do is organise the computer accounts in the management center into the same folder structure as your Active Directory domain. That can help if you are deploying policies in the management center to machines in specific OUs but won't have any effect on the passwords.

    You CAN change passwords for accounts in the management center; however, this will only change the password in the POA. Also, because the POA is network independent, the user will need to log into Windows and synchronise, either by entering in their old password, performing a challenge response or getting another user to log on.

    FYI - Every time a user changes their password local self help will become disabled and will need to be re-enabled by the user.

    Hope this helps!
