Installing the Symantec Endpoint Encryption Data Protection Platform Framework client installs a Graphical Interface Network Authentication (GINA). This is always installed whether Single Sign On (SSO) is chosen by policy or not.
The Symantec Endpoint Encryption-Full Disk GINA dll is named "EAFRCliGina" and can be found in the Windows registry under:
Since Single Sign On (SSO) is turned OFF or ON by User policy, not Computer policy. In other words, SSO can be ON or OFF on a user by user basis. To implement this, the GINA always loads to determine which users should be authenticated into Windows, and which users should be passed on to the default GINA (MSGINA.DLL)
As the SSO design implies, you can use SSO domain-wide, but build a policy that turns SSO OFF for certain users who cannot or should not be automatically logged into Windows. The converse is also true. SSO may be turned OFF domain wide, but enabled for a small number of users that meet all the security requirements for being signed on to Windows when logging onto Symantec Endpoint Encryption.
Imported Document ID: TECH104241
Subscribing will provide email updates when this Article is updated. Login is required.