Overview
MDE passwords are separate from AD passwords. Encrypted systems are configured to "sync" a user's AD password to MDE once the user has authenticated to the domain.
For example, suppose a user's AD password is pass1 and they set their MDE password to pass2. pass2 will allow them to log in at MDE pre-boot authentication (PBA). At the Windows login prompt, the user then enters pass1 (their AD password) and successfully authenticates to AD. Once this occurs, pass1 overwrites their MDE password pass2, and pass2 will no longer work for MDE PBA. If the user attempts to use pass2 for MDE PBA, the account will lock with timeouts.
To resolve password and account lockout issues, use self-recovery and set the MDE password to the current AD password to avoid confusion.
If self-recovery is not possible, use administrative user recovery.