Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 5 subscribers
  • Views 5813 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safeguard Enterprise Credential Provider for Windows 7 - Conflicting with other credential mods

SteveAU

Hi all,

I have gone thorugh the sophos doco and MSDN doco and found out that windows 7 doesnt use simple GINA chaining which is making my life difficult.

We are rolling out ManageEngine ADSelfService which modifies the windows credential provider giving a link on the windows 7 login screen to click  if you have forgotten your password , you are then taken to a self service PW reset page.

But when installed on a machine with Sophos safeguard the modifications don't occur and that link if you have forgotton your pasword doesnt appear at all, you just still have the sophos icon on the login screen.

If you go the other way around  and install sophos safeguard on a machine that laready has ManageEngine ADSelfService on it, the Sophos icon never appears on the logon screen.

 So whichever is installed first stays and the second thing installed doesnt modify the login page at all.

So what exactly is the Sophos credential provider? Going through our Sophos documentation I can;'t find a straight answer as to what its for!

So I either need a way to get it working with ADSelfServicePlus or find out what the implications are if we don't install that login modifying component of safegueard.

:28445


This thread was automatically locked due to age.
  • 0

    Hi StevenAU,

    with Windows 7, you don't have the GINA system anymore like in XP, where you can chain different GINA systems after each other but you have a new logon method known as Credential Providers. Credential Providers cannot be chained but exist beside each other.

    So after installation of SafeGuard Enterprise, you have an additional Credential Provider available that should be used to logon to the Operating System as the SafeGuard Credential Providers handles different SafeGuard specific actions (performing User Machine Assignment, logging on the user to its Keyring etc ...).

    You can always choose a different Credential Provider if you hit "other credentials" below the Credential Provider picture.

    If you do not use the SafeGuard Enterprise Credential Provider to logon to the system, an additional login mask  - known as the SafeGuard Authentication Application - will appear,  requesting the user to enter username and password again. The Authentication Application performs the same tasks as the Credential Provider so you can choose which one you like to use.

    You can also hide Credential Providers that are not required (in case you don't want to use the Safeguard Enterprise Credential Provider but the Authentication Application). Please see the following KBA for the procedure:

    114190 - SafeGuard Enterprise: How to hide credential providers from the Windows Logon User Interface using Windows Group Policy

    Cheers,

    Chris

    :28813
Unfiltered HTML