Wireless Access

Guys... Any one used pgp software for hard disk encryption? my implementation uses this on the client. The user password is entered before the os isis loaded (it's like a fancy version of grub) and this password that is entered is used to login to the user account in windows. Sounds great except when using machine authentication when you want your drive mappings for successful login. This is not an Aruba problem but has anyone experienced this? Or similar issue?

Is there a driving reason why you need the single sign-on functionality enabled?    You can disable it by changing a registry key on the client.   In doing so, the system will stop at the CTRL+ALT+DEL page.  This should allow the machine to authenticate if the system is configured to do so (I do not use PGP, so I cannot confirm this).    

 

• HKEY_LOCAL_MACHINE>SOFTWARE>PGP Corporation>PGP
• Add a new String Value named DISABLEWDESSO and add a value of 1 in the value field.  Reboot.

Making the change, alters the behavior of the PGP passphrase should the user change the password.  For example, if the user changes it using the CTRL+ALT+DEL option, it will sync with the PGP passphrase, if they change it in another manner, they'll need to boot once to PGP and enter the old passphrase, then upon successful login to Windows, it will by synchronized.  Check this link for details.

 

http://www.symantec.com/business/support/index?page=content&id=HOWTO42010

 

Clembo,

 

Awsome advice.  :smileyvery-happy:

 

Why is it done like this?  Historical.  I'll find out the level of resistance to a change of approachd later on today!!!!

 

 

Thanks again

Hi clembo, Do you know if there is a way that this setting could be distributed centrally? apologies I am a network guy and my knowledge of the pc workstation server side is limited. Thanks!!

All registry changes can be pushed through Group Policy in at least one of two was.  The first is to export the registry key from a computer that you have manually changed, and add that *.reg file to a computer startup/shutodwn script that will populate the registry with the change.  The second is to use the native registry component  of GPO Preferences.    A trick is to configure the GPO from a machine that has the software (and registry keys) and also has the Group Policy Management Console on it so you can select the proper registry key path (as you can browse to it, makes it easier than typing it in).     The following link summarizes how to change a registry key through the preferences (http://technet.microsoft.com/en-us/library/cc753092.aspx).

 

 

That is above and beyond what I asked for, many thanks indeed. I'll speak to our administration team and let them know.... how they could tackle this. I hope they find this an enlightening and educational as I do!! ;-)