Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 8296 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safeguard Easy 6.0 POA question

Ambrosios

hello everyone...

just a simple question, is there a way to limit POA to not allow login using domain accounts?  I am using Safeguard Easy 6.0...

basically i want to use a 2 tier login where users will need to login to POA with a assigned username/password (ie. POA user)......when they get into the OS, they can use their AD account....


Thanks


Felix

:24283


This thread was automatically locked due to age.
Parents
  • 0

    Hi Ambrosios,

    I answered this question in the following post: /search?q= 28777

    In a nutshell: If you would use SGN, you would be able to define "Service Accounts" and deny the User Machine Assignment process in this way for the specified user groups.

    What just popped into my mind to prevent this with SGE - although a bit over-complicated - could be:

    - Install your SafeGuard Easy and activate the POA using an administrative (or dummy) account

    - Logon to the Operating System and disable the SafeGuard Easy Credential Provider (in the registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{5CDFA681-61C8-423d-999E-32EA10C5F7ED}    Create a new DWORD called "Disabled" with value "1")

    Because the Credential Provider is disabled, the SafeGuard Authentication Application will be enabled. This would need to be disabled too. To do so, rename the following file

    - C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\x64\SGNAuthAppn.exe to SGNAuthAppn.exe

    New, create a new textfile in C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\x64\, fill in a character (it mus not be empty!) and save it under the name SGNAuthAppn.exe

    The above description should prevent User Machine Assignment from taking place but will also disable all other functions that the Credential Provider / Authentication Application provide.

    Please note: This is untested and would need to be tested and verified on your side.

    Hope that helps,

    ChrisD

    :28841
Reply
  • 0

    Hi Ambrosios,

    I answered this question in the following post: /search?q= 28777

    In a nutshell: If you would use SGN, you would be able to define "Service Accounts" and deny the User Machine Assignment process in this way for the specified user groups.

    What just popped into my mind to prevent this with SGE - although a bit over-complicated - could be:

    - Install your SafeGuard Easy and activate the POA using an administrative (or dummy) account

    - Logon to the Operating System and disable the SafeGuard Easy Credential Provider (in the registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{5CDFA681-61C8-423d-999E-32EA10C5F7ED}    Create a new DWORD called "Disabled" with value "1")

    Because the Credential Provider is disabled, the SafeGuard Authentication Application will be enabled. This would need to be disabled too. To do so, rename the following file

    - C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\x64\SGNAuthAppn.exe to SGNAuthAppn.exe

    New, create a new textfile in C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\x64\, fill in a character (it mus not be empty!) and save it under the name SGNAuthAppn.exe

    The above description should prevent User Machine Assignment from taking place but will also disable all other functions that the Credential Provider / Authentication Application provide.

    Please note: This is untested and would need to be tested and verified on your side.

    Hope that helps,

    ChrisD

    :28841
Children
No Data
Unfiltered HTML