3.4 Synchronizing the PBA and Windows Credentials

This information applies only if ZENworks Pre-Boot Authentication (PBA) is installed on the device.

If a device’s Disk Encryption policy has single sign-on enabled so that the ZENworks PBA login credentials are the same as the Windows login credentials, the passwords remain synchronized if the Windows password is changed through one of the following methods:

  • Via Windows domain login

  • Via Windows local login

  • Using Ctrl+Alt+Del to access the change password feature

The passwords are not synchronized if one of the following methods is used:

  • Control Panel

  • Device Manager

If the passwords become out of sync, the following methods can be used to synchronize them while at the device:

  • Using the Windows Login

  • Using the Full Disk Encryption Agent

In addition, you can use a ZENworks Control Center Quick Task to synchronize the passwords. For information, see Synchronizing PBA and Windows Credentials in the ZENworks Full Disk Encryption PBA Reference.

3.4.1 Using the Windows Login

This is the recommended way to synchronize a user’s PBA and Windows passwords because the user can complete these steps without administrator assistance:

  1. Restart the device.

  2. Log in to the ZENworks PBA using the old Windows/PBA password.

  3. When the Windows login screen is displayed, enter the password required to log in to Windows.

    The ZENworks PBA detects the difference in the current PBA and Windows passwords and changes the PBA password to the Windows password.

  4. Restart the device and log in to the ZENworks PBA using the new Windows/PBA password.

3.4.2 Using the Full Disk Encryption Agent

  1. Make sure you know the FDE Admin password for the policy that is assigned to the device.

    To change the user’s PBA password, you must know the FDE Admin password for the policy assigned to the device, or you must know the ZENworks Agent override password or key. For more information about passwords, see Section B.0, Administrator Passwords.

  2. Open the Full Disk Encryption agent on the managed device. See Accessing the Full Disk Encryption Agent.

  3. Click the Commands button.

  4. Supply the password, then click OK to display the Commands dialog box.

  5. Click the Add/Delete PBA User button.

  6. Provide the following:

    User Name: Specify the user name for the user whose password you want to change.

    User Password: Specify the user’s Windows password. This becomes the PBA password.

    User Domain: Specify the user’s Windows domain name. If the user is not a member of a domain, you can specify the computer name or leave the field blank.

    If you don’t know the domain or computer name, you can cancel to exit the dialog box, close the ZFDE Commands dialog box, click the Agent Status button, click the PBA tab, then scroll down to the User List at the bottom of the page. The user name and domain/computer name are listed in the PBA User Name column, with the domain/computer name listed second (after the colon).

  7. Click OK to change the PBA password.