SafeBoot can sync appropriate account details, such as expiry, last password
change, logon time etc from AD, and can of course create users based on AD
entries. Also as users change group membership in AD that can initiate a
change in their SafeBoot group membership. The actual password cannot be
derived from AD, as only a hash is stored (this is good security), so
although SafeBoot will give the user the chance to automatically set their
SafeBoot password to their AD password to make them the same, the user can
always click cancel. A dedicated connector service handles the sync between
the central SafeBoot policy DB and the AD.
As SafeBoot is also a true multi user system (i.e., one user account exists
on many machines simultaneously, rather than user accounts on each machine
simply called the same user), when you change your AD profile, or password,
this change is reflected to all machines where that user is assigned
automatically.
I hope that helps.
Simon .
"Norby" <> wrote in message
news: om...
> I have been reviewing several hard drive encryption applications that
> offer the Single Sign-On option, a couple of which allow
> authentication to Active Directory. Safeboot and PointSec seem to be
> the front runners with AD integration, but I have questions on how
> they integrate.
>
> My questions are:
>
> Are there any other applications with SSO authentication to Active
> Directory?
> Can the encryption software password be syncronized with the Acitve
> Directory password or vice versa?
> Can any of the encryption applications utilize the AD user account
> information to create their internal accounts?
>
> I appreciate any assistance with these questions.
>
> Thank you
|
Similar Threads
