MDE Password

Owned by Tom Ling
Last updated: Oct 14, 2014


 

Overview

 

MDE passwords are separate from AD passwords. Encrypted systems are configured to "sync" a user's AD password to MDE once authenticated to the domain.

 

For example, if a user's AD password is pass1 and sets their MDE password to pass2. pass2 will allow them to log in to MDE pre-boot authentication (PBA). At the windows login prompt user then enters pass1 (their AD password) and successfully authenticates to AD. Once this occurs pass1 overwrites their MDE password pass2. pass2 will no longer work for MDE PBA. If user attempts to use pass2 for MDE PBA the account will lock with timeouts.

This is also the case if there is a change made to the AD password. The new AD password will not work for MDE until it's updated and will cause passwords and accounts to lock out.

 

To resolve password  and account lockout issues. Use self-recovery and set the MDE password to the current AD password to avoid confusion.

If self-recovery is not possible use administrative user recovery.

Information on the Tufts IT Knowledgebase is intended for IT Professionals at Tufts.
If you have a question about a Tufts IT service or computer/account support, please contact your IT support group.