What happens when the network password is changed for a user with an SSO FDE login?

NOTE: This article does NOT apply to DESlock+ 4.8.0 or later, where the process is now handled automatically without user interaction.

 

If you're having problems signing in after changing a network password and are using DESlock+ 4.8.0 or later, please see our article below:

KB424 - Single Sign-On (SSO) and network passwords

 

 

Suppose a user has an FDE login on an encrypted workstation that uses Single Sign-On (SSO). This enables them to boot directly into Windows by entering their normal Windows login password at the FDE pre-boot login. In most cases this password would be their domain password, but it could equally be the password of a local Windows account. The pre-boot FDE login username can be anything and is in no way related to their domain or Windows login username.

Normal use case

If this password is changed on the machine directly, then the FDE login password should automatically be updated. Therefore the pre-boot login password should automatically remain in sync with the network password.

However, there are cases where this cannot happen. For example, the password could be changed directly on the domain server, or the user could have multiple FDE logins and change the network password on one machine, which of course would not affect any other machines.

Password out of sync

Changing the password on the server, or on another machine, can cause the pre-boot FDE login to become out of sync with the Windows login. This will result in Single Sign-On failing to log into Windows.

Alternatively the user may simply forget their password and will be required to perform Full Disk Encryption password recovery.

In both cases it is likely the machine will simply boot to the Windows login screen and not progress.

Failed SSO

Resync Password

If SSO fails, the user must manually log into Windows.

Windows login dialog

Once this is done, Windows will begin to load. Very soon you should see a dialog prompting you to resynchronise the password.

Reconfigure SSO

This dialog will confirm:

  • The FDE pre-boot login username
  • The Windows login domain
  • The Windows login username

The dialog will require the user to enter:

  • Their current FDE login password

Please note this dialog is asking for the current FDE login password. That is the password that was just entered to boot the workstation, or the password that was chosen in the FDE recovery process. It is not asking for the Windows login password.

If you successfully enter the password you will see the following message.

SSO Reconfigure Complete

If you do not see this message, it is likely you entered the password incorrectly and the pre-boot password will not have been entered. Please reboot and try again, but if you cannot log in with the new password, try the old password.
