This information applies only if ZENworks Pre-Boot Authentication (PBA) is installed on the device.
If a device’s Disk Encryption policy has single sign-on enabled so that the ZENworks PBA login credentials are the same as the Windows login credentials, the passwords remain synchronized if the Windows password is changed through one of the following methods:
Via Windows domain login
Via Windows local login
Using Ctrl+Alt+Del to access the change password feature
The passwords are not synchronized if one of the following methods is used:
If the passwords become out-of-sync, the following methods can be used to synchronize them while at the device:
In addition, you can use a ZENworks Control Center Quick Task to synchronize the passwords. For information, see ZENworks Full Disk Encryption PBA Reference.
This is the recommended way to synchronize a user’s PBA and Windows passwords because the user can complete these steps without administrator assistance:
Restart the device.
Log in to the ZENworks PBA using the old Windows/PBA password.
When the Windows login screen is displayed, enter the password required to log in to Windows.
The ZENworks PBA detects the difference in the current PBA and Windows passwords and changes the PBA password to the Windows password.
Restart the device and log in to the ZENworks PBA using the new Window/PBA password.
Make sure you know the FDE Admin password for the policy that is assigned to the device.
To change the user’s PBA password, you must know the FDE Admin password for the policy assigned to the device, or you must know the ZENworks Agent override password or key. For more information about passwords, see Section B.0, Administrator Passwords.
Open the Full Disk Encryption agent on the managed device. See Accessing the Full Disk Encryption Agent.
Supply the password, then clickto display the Commands dialog box.
Provide the following:
User Name: Specify the user name for the user whose password you want to change.
User Password: Specify the user’s Windows password. This becomes the PBA password.
User Domain: Specify the user’s Windows domain name. If the user is not a member of a domain, you can specify the computer name or leave the field blank.
If you don’t know the domain or computer name, you can cancel to exit the dialog box, close the ZFDE Commands dialog box, click thebutton, click the tab, then scroll down to the at the bottom of the page. The user name and domain/computer name are listed in the column, with the domain/computer name listed second (after the colon).
Clickto change the PBA password.