This article describes how to disable the auto-login feature to Windows, but still allow Symantec Encryption Desktop to utilize the passphrase synchronization functionality.
Single Sign-On allows you to synchronize your Windows password with your Symantec Drive Encryption bootguard passphrase. Then, once entering the passphrase at BootGuard, you are logged into Windows automatically by the Single Sign-On feature.
The auto-login functionality of the Single Sign-On feature can be disabled by adding a registry entry to Windows. Use the following steps to disable the auto-login functionality:
Step 1. Open the Windows Registry Editor (Windows Key + R, type Regedit in the Run field, *or* Start, Search programs and files, type regedit and click OK).
Step 2. Browse to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP
Step 3. Right-click within the PGP folder and click New.
Step 4. Select String Value, and name the string DISABLEWDESSO
Step 5. Right click the string and select Modify.
Step 6. In the Value Data field, enter a value of 1 and click OK.
You should see the new value shows up:
Step 7. Close the Windows Registry Editor and reboot the system for the settings to take effect.
Users of Windows 10 Version 1709 or higher will need to disable fast startup in Power Options in order to properly disable SSO at Windows login. To disable fast startup follow the steps below:
If you do not have this option, then hibernation is disabled and you should not be affected by the fast startup option.
Once all proper steps have been followed, and the system is rebooted, the user experience is as follows:
If you wish to disable both auto login and the synchronization of the Windows passphrase with BootGuard you can install or upgrade Encryption Desktop using the PGP_INSTALL_SSO=0
msiexec switch.
For more information on this functionality, see Scenario 14 in the following article:
171110 - Disabling Encryption Desktop functionality using msiexec switches