SAL logon after changing unknown Windows Password in a domain

  • Article ID: 109142
  • Updated: 30 Sep 2010


Product
Sophos SafeGuard Disk Encryption 4.60

Client OS

Windows 2000 Professional SP4, Windows XP SP3

Server OS

None

Question

How to get access to a Sophos SafeGuard Disk Encryption secured system if the Windows password is unknown and the password needs to be changed using password sync?

Answer

Example:

We have two users:
1. Domain user named "domain" with password "test"
2. Sophos SafeGuard Disk Encryption user named "Sophos" with password "secure"

The customer now gets back from holiday and has forgotten his password.

To solve this situation the following steps need to be performed:

1.Create a new windows password for "domain" using the password reset function of Windows 2003 Server.
The new password now is "temp"

2. Create a challenge response code that allows the user to change the password of "Sophos" from "secure" to
"encryption".

After changing the password the boot process will continue. The Sophos SafeGuard Disk Encryption SAL tries to logon the user
"domain" into the windows domain using the old password "test". This fails and user is prompted to type in a new
windows password. Type in the new password for windows which was created in step 1 -> in this case "temp".

Now the Sophos SafeGuard Disk Encryption synchronisation process starts and the user is prompted for his Sophos SafeGuard Disk Encryption password. At this point the password that was created in step2 has to be entered -> this will be "encryption".

The next time the user boots up the system following credentials need to be entered at PBA level to log on:

User ID: Sophos
Password: encryption

The system then will automatically pass trough to the users desktop.

Note
The user does not have to change the password again after performing above mentioned solution!
The user can create a new (secure) password during the challenge response process.


keywords: sde

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments