Site Maintenance this evening The site will be offline for hosting changes. Time TBC

+ Post New Thread
Results 1 to 3 of 3
How do you do....it? Thread, Sophos encryption enables fast user switching in Technical; Hi Having a bad day - I had things working in test and now getting problems when I try to ...
  1. #1

    Join Date
    Nov 2011
    Location
    Cambridgeshire
    Posts
    522
    Thank Post
    141
    Thanked 75 Times in 67 Posts
    Rep Power
    19

    Sophos encryption enables fast user switching

    Hi

    Having a bad day - I had things working in test and now getting problems when I try to deploy to live

    I have Server 2008 R2 domain, Win 7 Pro 64 bit clients, Sophos Safeguard 5.61 encryption client and Enterprise Console 5.2.1 R2

    In the encryption policy applied to the OU the only default I changed is that POA is not enabled as we want multiple users to be able to use the laptops.

    I disabled Fast User Switching in GPO (Computer Configuration>Policies>Admin Templates>System/Logon>Hide entry points for Fast User Switching: Enabled) as it is specified as not working with Sophos encryption

    Before I deploy Sophos encryption, it works as expected - no options to Switch User. After the encryption has run, at start up I see the Sophos Safegaurd splash, then the "Autologon will start shortly" pop-up. Then windows starts as normal, opens to the Ctrl Alt Del prompt. However it appears as though Sophos has already logged on as a user. The Switch User button has <magically> been re-enabled and instead of the normal blank icon and two fields (username and password), Sophos logo shows in the user picture space and the drop down to choose whether to logon to domain or local machine is enabled.

    When I log on to the machine with a valid domain account, the Switch User option from the Start Menu is greyed out, if I log out, at the log in screen Power Off button, Switch User doesn't appear. If I lock the PC the name of the logged on user is displayed (disabled in GPO prior to installation of encryption) when I press Ctrl Alt Del, the button to choose "Other Credentials" is offered. If I choose it, I am offered two users with the same name - one with Sophos icon and the other with a default Windows Icon. I can log in user either option.

    Any help? Pleeeaaase..... It's driving me insane.

  2. #2

    Join Date
    Nov 2011
    Location
    Cambridgeshire
    Posts
    522
    Thank Post
    141
    Thanked 75 Times in 67 Posts
    Rep Power
    19
    Ok. I'm narrowing it down. It seems that it's to do with credentials providers - I need to persuade Windows to only use the Sophos credentials provider at logon. Apart from the fact that I haven't figured out the one I need and the ones I can disable, I can't figure out why this didn't happen in testing.... Apparently it only happens if you disable POA. Did any other Sophos Safeguard users out there encounter/solve this issue?

  3. #3

    Join Date
    Nov 2011
    Location
    Cambridgeshire
    Posts
    522
    Thank Post
    141
    Thanked 75 Times in 67 Posts
    Rep Power
    19
    Just updating in case anyone stumbles on this with a similar problem:

    You need to set up a GPO to exclude credential providers:
    Create a new GPO and navigate to the "Exclude credential providers" setting:
    Computer Configuration | Policies | Administrative Templates | System | Logon | Exclude credential providers.

    I took the list from the Sophos knowledgebase article:
    SafeGuard Enterprise: How to hide credential providers from the Windows Logon User Interface using Windows Group Policy

    As with any GP change, you always need more patience than you think. I spent hours trying to find out what was wrong with my policy, but I'd forgotten that Windows isn't quite sure what you mean by running gpupdate / force, setting the policy to "enforced2 on the OU and rebooting more times than I could count. When I tried again the following day, the policy worked exactly as I expected with no other changes made...

SHARE:
+ Post New Thread

Similar Threads

  1. Fast User Switching and ActivInspire
    By Norphy in forum Promethean Direct Support
    Replies: 7
    Last Post: 28th January 2013, 09:14 AM
  2. Replies: 3
    Last Post: 18th October 2012, 09:14 AM
  3. Fast User Switching Problems
    By HallX in forum Mac
    Replies: 0
    Last Post: 25th November 2010, 02:09 PM
  4. Windows 7 fast user switching disable??
    By bewlay51 in forum Windows 7
    Replies: 1
    Last Post: 7th March 2010, 11:49 AM
  5. fast user logon
    By strawberry in forum Windows
    Replies: 0
    Last Post: 21st November 2007, 09:11 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •