This article describes how to disable the auto-login feature to Windows, but still allow Symantec Encryption Desktop to utilize the passphrase synchronization functionality.
Single Sign-On allows you to synchronize your Windows password with your Symantec Drive Encryption bootguard passphrase. Then, once entering the passphrase at BootGuard, you are logged into Windows automatically by the Single Sign-On feature.
The auto-login functionality of the Single Sign-On feature can be disabled by adding a registry entry to Windows. Use the following steps to disable the auto-login functionality:
Users of Windows 10 Version 1709 or higher will need to disable fast startup in Power Options in order to properly disable SSO at Windows login. To disable fast startup follow the steps below:
If you do not have this option, then hibernation is disabled and you should not be affected by the fast startup option.
Once all proper steps have been followed, and the system is rebooted, the user experience is as follows:
If you wish to disable both auto login and the synchronization of the Windows passphrase with BootGuard you can install or upgrade Encryption Desktop using the
PGP_INSTALL_SSO=0 msiexec switch. See the article TECH249430 for details.