Best practices for Windows password updates/changes for Symantec Endpoint Encryption Full Disk with Single Sign On enabled.

book

Article ID: 158025

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

1) Your Windows password has expired on a SEE Full Disk encrypted machine with Single Sign On enabled.

2) You would like to change your Windows password on a SEE Full Disk encrypted machine with Single Sign On enabled.

Windows password changes are not syncing with SEE Full Disk.

Resolution

 

Windows password changes when using Single Sign On with SEE Full Disk

If you are using Single Sign On (SSO) on a computer encrypted with SEE Full Disk please observe the following best practices from page 57 of the SEE Full Disk 8.2.1 Installation Guide:

If Single Sign-In is enabled, password changes must be initiated by the user on the local workstation. Administrators cannot reset users' passwords from the server. Third party password change tools such as SSPRM are not supported.

**Note: The recommended method of changing the Windows password is CTRL-ALT-DELETE. Users may encounter problems if they change the password by other methods. Reboot is required after changing the Windows Password.

 

Procedure for Expired Password

For expired Windows passwords, please observe the following best practices from page 55 of the SEE Full Disk 8.2.1 WIndows User Guide:

Your administrator may have set a policy that requries you to change your password after a set period of time. For example, you may be forced to change your password every three months.

Windows will prompt you to change your password each time you log on. Before proceeding to change your password, power the machine off and then back on. Complete pre-boot authentication. Then go ahead and change your password as prompted.

Links for both guides are provided below.


Attachments

SEE-FD 8.2.1 Windows User Guide.pdf get_app
SEE-FD 8.2.1 Installation Guide.pdf get_app