This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

POA being bypassed

I have added a pc to the safeguard management center. I have configured the POA users and they work. but I have noticed that when authenticating, if my domain is set to the local machine I can use the regular windows authentication to pass the first login screen where the POA user would be used. Is there a way that at this point only POA specified users can be used to authenticate?



This thread was automatically locked due to age.
Parents
  • Hi Anton,

     

    This would be controlled by the "Machines Settings" policy applied to that User / Machine.

    Under the Section "User Machines Assignment (UMA)". In the section you can lock down who can add users to the POA. If once the machine was set up as you wanted it, the policy could be changed to "Allow registration of new SGN users for" to "Nobody" 

    This would mean that once the POA was set how you wanted it no new user could be added with out a policy change.

     

    Bill.

Reply
  • Hi Anton,

     

    This would be controlled by the "Machines Settings" policy applied to that User / Machine.

    Under the Section "User Machines Assignment (UMA)". In the section you can lock down who can add users to the POA. If once the machine was set up as you wanted it, the policy could be changed to "Allow registration of new SGN users for" to "Nobody" 

    This would mean that once the POA was set how you wanted it no new user could be added with out a policy change.

     

    Bill.

Children
  • I did the change to the policy as you suggested, but I noticed the only way to get the desired result is to remove the Windows user from the confirmed users list in the safeguard management center. the problem with this after a few reboots  the auto login starts and skips the POA authentication step. So at this point I am still not able to get the two tier authentication I need.

  • Hi Anton,

     

    The POA must have 1 owner.  This is working as designed.  

    If you raise a case with Technical Support they'll be able to assist you with this and hopefully find a better solution for you.

    Bill.