Require Token with Safeguard

I am actually seeing a similar issue here.

I had to create some new policy's for machines with skylake processors since the tokens no longer work at POA which is a whole separate annoying issue on its own that needs fixed. The issue is when I did that we had to allow username/password at POA but now I am unable to make the safenet software FORCE token login at the windows cont-alt-delete screen users are able to log in without a token. All the Group policy options for the token software are the same just inheriting to a new sub ou. For the life of me I am unable to figure it out.

I have a question then does this option also control windows logon even though the description only says POA?

Hi Typhoon87 

What is the OS on the machine, where the Token is not working? Please refer to the article SafeGuard Enterprise 8: Supported middleware, tokens and smart cards to confirm that your token is supported.

Windows 7 Pro

Its Windows 7 Pro SP1. The tokens are supported and work. Again the issue is WIndows is showing the option to log in without it. Only on the new machines. There are no other policy diffrencets that I can find.

Hi Typhoon87 

Is the token plugged into USB 2.0 or USB 3.0? If it is plugged into USB 3.0 try using USB 2.0. If the token is old they may not work with the USB 3.0. Let me know if this helps resolve the issue.

Hi Typhoon87 

Is the token plugged into USB 2.0 or USB 3.0? If it is plugged into USB 3.0 try using USB 2.0. If the token is old they may not work with the USB 3.0. Let me know if this helps resolve the issue.

The tokens are newer and do work in USB 2 and 3 we have tried both.

I really feel this is a policy issue as older machines it works as intended. On the newer machines (skylake) we have issues. I created a duplicate poicy and the only change should have been the POA allowing username/password. But now if offers username password at the windows login as well.

Do you have further things that I can look at or try?

Hi Typhoon87,

Did you get a resolution on this? I am having the same issue. Due to the Skylake chipset, tokens are not detected at POA.

I have setup TPM + PIN at POA and Token only for Authentication. However, if you click on "Switch User" before logging in into Windows you are able to log in with username + password. Policies are the same for previous machines and they work as intended.

Specs
Win7 Pro
Safeguard 7 (Encrypted with Bitlocker)
Skylake Chipset

Thanks.