2.5 Synchronizing PBA and Windows Credentials

If a device’s Disk Encryption policy has single sign-on enabled so that the ZENworks PBA login credentials are the same as the Windows login credentials, the passwords remain synchronized as long as the Windows password is changed through one of the following methods:

  • Via Windows domain login

  • Via Windows local login

  • Using Ctrl+Alt+Del to access the change password feature

The passwords are not synchronized if one of the following methods is used:

  • Control Panel

  • Device Manager

If the passwords become out-of-sync, the following methods can be used to synchronize them while at the device.

2.5.1 Using the Windows Login

This is the recommended way to synchronize a user’s PBA and Windows passwords because the user can complete these steps without administrator assistance:

  1. Restart the device.

  2. Log in to the ZENworks PBA using the old Windows/PBA password.

  3. When the Windows login screen is displayed, enter the password required to log in to Windows.

    The ZENworks PBA detects the difference in the current PBA and Windows passwords and changes the PBA password to the Windows password.

  4. Restart the device and log in to the ZENworks PBA using the new Window/PBA password.

2.5.2 Using a ZENworks Control Center Quick Task

To use a ZENworks Full Disk Encryption Quick Task in ZENworks Control Center, a ZENworks administrator must be assigned the Manage Endpoint Security Settings and Tasks privilege. This privilege is configured through the Quick Tasks rights for administrators and administrator groups. For help configuring Quick Tasks rights, see the ZENworks Administrator Accounts and Rights Reference.

Using a Quick Task to synchronize a user’s PBA password with his or her Windows password requires you to know the Windows password.

  1. In ZENworks Control Center, click Devices.

  2. In the Devices panel, locate the user’s device.

  3. Select the check box next to the device, then click Quick Tasks > FDE: Update PBA User to display the Update PBA User dialog box.

  4. Fill in the following fields:

    Replace password if user already exists in PBA: Make sure this option is selected.

    User Name: Specify the Windows user name.

    Domain: Specify the user’s Windows domain name. If the user is not a member of a domain, you can specify the computer name or leave the field blank.

    Password: Specify the user’s Windows password.

  5. Click OK to display the Quick Task Status dialog box.

  6. In the Quick Task Status dialog box, click Start if you want to use the default options.

    or

    Configure the options as desired, then click Start.

    For information about the options, click the Help icon in the Quick Task Status dialog box.

    As soon as the Quick Task is complete, the user can authenticate to the ZENworks PBA using the new password.

2.5.3 Using the Full Disk Encryption Agent

You can use the Full Disk Encryption Agent to change the user’s PBA password to match the Windows password.

To change the user’s PBA password, you must know the FDE Administrator password for the policy assigned to the device, or you must know the ZENworks Agent override password or key.

  1. On the device, right-click the ZENworks icon in the notification area, and select Technician Application.

  2. Click Full Disk Encryption in the ZENworks Agent navigation menu.

  3. In the Full Disk Encryption Agent Actions section, click About to display the About dialog box.

  4. Click the Commands button.

  5. Supply the password, then click OK to display the Commands dialog box.

  6. Click the Add/Delete PBA User button.

  7. Provide the following:

    User Name: Specify the user name for the user whose password you want to change.

    User Password: Specify the user’s Windows password. This becomes the PBA password.

    User Domain: Specify the user’s Windows domain name. If the user is not a member of a domain, you can specify the computer name or leave the field blank.

    If you don’t know the domain or computer name, you can cancel to exit the dialog box, close the Commands dialog box, click the Agent Status button, click the PBA tab, then scroll down to the User List at the bottom of the page. The user name and domain/computer name are listed in the PBA User Name column, with the domain/computer name listed second (after the colon).

  8. Click OK to change the PBA password.