- CheckMates
- :
- Products
- :
- Harmony
- :
- Endpoint
- :
- Re: What information is written in preboot?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What information is written in preboot?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Each computer has assigned to it the users that can log in at preboot.
I assume, in addition to the username/password, we're also storing the SID of the user.
It sounds like what you did was move the user to a different part of the AD, which may have changed his SID.
In which case, trying to login with the pre-boot credentials would fail.
I think you can fix this by reassigning that user to the computer as allowed for preboot.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have information from colleagues that the SID has not changed 100%
Today I'm going to be part of testing, I'll try to disable SSO on this computer.
I'm trying to understand exactly what happens when I login to windows with preboot data
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The information provided from preboot is domain, username and password. This information is used in the Check Point credential provider to perform a Windows autologon if SSO is enabled.
When the “Welcome” message is shown, the user information has already been set in the credential provider (from preboot data or manually entered) and the sign-in process has been started. Normally when having any kind of problems at sign-in there can be a time-out but it should be followed by an error message (for example if there are problems getting hold of the user SID or using wrong credentials).
I did not manage to reproduce the problem you are facing. If you have not found a solution to the problem I suggest that you open a Service Request so we can do a deeper analysis of the problem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you for answer. I have both decrypted and encrypted both computers. Unfortunately, it was not time to investigate more in this case. If there is another such case, I will create a ticket and analyze it.