Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 1460 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SGE Standalone 5.4 question?

rei

Hi,

We use SG Enterprise Standalone 5.4 to secure our laptops with a generic pre-specified POA login (we also have an override account we use) we give out to the user. Passthrough to Windows login is disabled.

I understand the certificate for login is created once the user logs in locally. In this case they login to a domain and the profile is then cached locally onto the HD of the computer. If a user forgets their domain Active Directory password, we can reset it for them, but once they login to the SafeGuard-protected computer, it also asks them for the "old" password (that was cached the last time a successful login was made to Windows) ...

...is there any harm in hitting "cancel" and having SafeGuard generate a new certificate to match their updated AD password to allow local login? I am assuming there should be no ill effects if they don't use this AD domain login to login to the POA. This is in a situation where the user has completely forgotten their previous password and can't type it into SafeGuard.

:2653


This thread was automatically locked due to age.
  • 0

    Hi rei,

    thank you very much for submitting this post.

    Actually when reading through your posts it seems as if the issue could be circumvented in case that you would use SafeGuard Enterprise slightly different... so in case that every user would the a valif SafeGuard Enterprise user you could then easily create a C/R with user logon in case that a user has forgotten his old password > this will then automatically trigger a password change at Windows level having the old password filed even pre-filled!

    Besides this as of SGN 5.50 there is the possibility to have so called POA User accounts - these accounts can be added to the POA but will not pass through to Windows > they can be used as general service desk account for example. This is a unmanaged only option at the moment.

    With regards to the process of changing the password please be so kind search the knowledge base at sophos.com for 110107 - This will give you a password change flow chart that should answer all your questions.

    Regards

    Dan

    :2726
  • 0

    Hi, I am trying to set-up and use Safeguard v5.40.0.152 in stand alone configuration, the documentation refers to the ability to be able to create to create POA access for POA logon as mentioned in Chapter 13 of the Administrator help.

    As mentioned the the post above v.5.50 allows POA User accounts, can anyone confirm if these accounts are applicable to Safeguard in Stand alone config?

    Thanks,

    Chandresh

    :4238
  • 0

    Hi Chandresh,

    you might wanna have a look at this KBA whcih should answer your question:

    http://www.sophos.com/support/knowledgebase/article/109471.html

    Additionally please see section 13.2 of the below guide for more info:

     http://www.sophos.com/sophos/docs/eng/manuals/Utimaco/ssg_55_aheng.pdf

    Regards

    Dan

    :4326
Unfiltered HTML