This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SafeGuard Gear Icon Login Icon vs. Regular Login Icon on Windows 10

What's the difference between the two? I assume it has to do with the one with the gear having access to the user certificate assigned? Another thing being that it's been reported that some users cannot login as a different user sometimes and can at other times. Can this have to do with using one displayed login over the other in terms of one login having the gear icon and the other not having it. The use case is with users trying to login with an adm account to change their passwords or trying to login as the local admin.



This thread was automatically locked due to age.
Parents
  • Hi - The "normal" figure is using Windows as your credential provider. The Sophos Cog is using Sophos as your credential provider. This in turn can pass authentication through to the Sophos SG client. You could still log on using the Windows Credential Provider but you'd find Sophos SG client would constantly pop up asking for you to authenticate against that.

    Each authentication method has its own provider - fingerprint, smartcard etc... 

    You can hide the "normal" one if you like, but there can be repurcussions of this - This article may help futher. It does look tidier and less likely to cause an issue, but in the end I decided that user education would be easier!

    https://community.sophos.com/kb/en-us/114190

     

    When you say they can't/can log in - Are the computers part of AD (Active directory) or a workgroup?

     

     

     

Reply
  • Hi - The "normal" figure is using Windows as your credential provider. The Sophos Cog is using Sophos as your credential provider. This in turn can pass authentication through to the Sophos SG client. You could still log on using the Windows Credential Provider but you'd find Sophos SG client would constantly pop up asking for you to authenticate against that.

    Each authentication method has its own provider - fingerprint, smartcard etc... 

    You can hide the "normal" one if you like, but there can be repurcussions of this - This article may help futher. It does look tidier and less likely to cause an issue, but in the end I decided that user education would be easier!

    https://community.sophos.com/kb/en-us/114190

     

    When you say they can't/can log in - Are the computers part of AD (Active directory) or a workgroup?

     

     

     

Children
  • Thanks for clarifying this and that makes total sense now; I agree education will probably be best. Users are on an enterprise domain and the normal username is used with SafeGuard. The users having issues also have admin accounts on the same domain which are not registered in SafeGuard. These users also have access to the local administrative account for use to troubleshoot. 

  • These troubleshooting accounts are probably best set up as Service Account Lists I think? This is a list of local/domained users that can log onto the PC and NOT become the "Owner" of the device (as far as Sophos SG sees it).