ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec Endpoint Encryption Single-Sign On with Hibernation

book

Article ID: 214039

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

Symantec Endpoint Encryption includes a Single-Sign On (SSO) feature so that when users are registered with Drive Encryption, when they turn on the machine, they will be able to use their own Windows credentials to login.  At the preboot screen, you would enter your credentials and these credentials are then passed to the Windows login and will login automatically to the windows profile.

When hibernating a machine, the Windows state is saved to a file.  Because the disk is fully encrypted, when the machine resumes from hibernation, the preboot screen is invoked.  If you are transporting a machine, it is more secure to hibernate your machine then to "sleep" the machine, because to then resume, you are required to enter the credentials.  By default, if you resume from hibernation, you will enter your Windows credentials at the preboot screen, and then the system will resume from hibernation and will then present the user at the Windows login screen.  The user must then enter the credentials again to login.

 

Resolution

Symantec Endpoint Encryption 11.3.1 includes a feature so that after SSO is used, the user need only enter the Windows credentials once at preboot.  The system will resume from hibernation and this time will automatically login to Windows.

In order to enable this feature you would create the SEE Client with the "Allow SSO with Hibernation" set to "True":

Once the above setting is configured, when the system resumes, the system will prompt for credentials once, and then the system will login to Windows automatically.  This setting can also be configured via policy on the SEE Management Server.

Attachments