Enabling Endpoint Encryption clients to use Domain Authentication Single Sign On (SSO)

    • Updated: 1 Apr 2014
    • Product/Version: Endpoint Encryption 3.1 PolicyServer; Endpoint Encryption 5.0
    • Platform: Windows 2003 Enterprise; Windows 2003 Enterprise 64-bit; Windows 2003 Standard; Windows 2003 Standard 64-bit; Windows 2008 Enterprise; Windows 2008 Enterprise 64-bit; Windows 2008 Standard; Windows 2008 Standard 64-bit
Summary
Learn how to enable the Endpoint Encryption clients to use the Domain Authentication/Single Sign On (SSO).
Details
To use the Domain Authentication SSO:
  1. Consider the following for PolicyServer installation:
    • It is recommended to run the Windows service as Local System. This avoids cases where a Domain User account is locked or set to change its password at login, and avoids having to change the user password in both the Windows service and the IIS Application Pool.
    • Install the Windows service with a Domain User account that has administrator rights on the local server.
  2. Set the required policy settings below:
    • For PolicyServer 3.1.2:
      Common
      Common > Authentication > NetworkLogin > DomainAuthentication = Yes
      Common > Authentication > NetworkLogin > Domain Name = SSOTest (NetBIOS name. Same as in Windows GINA pick list)
      Common > Authentication > NetworkLogin > Host Name = SSOTest.local (Domain Controller)
    • For PolicyServer 3.1.1 and below:
      PolicyServer
      PolicyServer > LdapAuthentication = Yes
      PolicyServer > LdapAuthentication > Domain Name = SSOTest (use the NetBIOS name. Same as in Windows GINA pick list)
      PolicyServer > LdapAuthentication > Host Name = SSOTest.local (Domain Controller)
      Full Disk Encryption
      Full Disk Encryption > PC > Login > DomainAuthentication = Yes
      DriveArmor
      DriveArmor > Authentication > NetworkLogin > DomainAuthentication = Yes
      File Encryption
      FileArmor > Login > DomainAuthentication = Yes
      Note: File Encryption and DriveArmor Single Sign-On capability requires the following Full Disk Encryption policy to be enabled for the group, even if FDE is not used on a device:
      Full Disk Encryption > Login > Domain Authentication = Yes
Additional information:
  • DomainName should be configured as your NetBIOS domain name. For most environments, this is the same value that appears in the Windows GINA logon pick list.
  • HostName should be configured with the Fully Qualified Domain Name (FQDN) of your Domain Controller or be configured with your domain.suffix.
  • DomainName determines how we try to authenticate the user via the domain\username value.
  • HostName refers to the server we authenticate against.
  • To find the policy values for DomainName and HostName, open a Windows command prompt and run "net config workstation" from a domain-joined machine. The output of this command shows the Workstation Domain value for the DomainName policy and the Workstation Domain DNS Name for the HostName policy.
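
The lookup described in the last bullet can be checked mechanically before the values go into policy. The following is an added example, not Trend Micro code: it parses "net config workstation" output, maps the two fields to the DomainName and HostName policies, and flags the usual mistakes (a DNS name entered as DomainName, or a machine that is not domain-joined). The sample output is constructed from the article's SSOTest values, the function names are hypothetical, and the field labels assume an English-language Windows installation.

```python
import re

# Constructed sample of `net config workstation` output, using the article's SSOTest domain.
SAMPLE = """\
Computer name                        \\\\PC01
Full Computer name                   PC01.SSOTest.local
User name                            jdoe

Workstation domain                   SSOTEST
Workstation Domain DNS Name          SSOTest.local
Logon domain                         SSOTEST

The command completed successfully.
"""

# Output label (lower-cased) -> policy it feeds, as described in the article.
# Assumption: English labels; localized Windows builds print translated labels.
FIELDS = {
    "workstation domain": "DomainName",
    "workstation domain dns name": "HostName",
}

def policy_values(output):
    """Map `net config workstation` fields to the DomainName / HostName policies."""
    values = {}
    for line in output.splitlines():
        # Label and value are separated by a run of two or more spaces.
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0].lower() in FIELDS:
            values[FIELDS[parts[0].lower()]] = parts[1].strip()
    return values

def check(values):
    """Return a list of problems that would break the domain authentication setup."""
    problems = []
    domain = values.get("DomainName", "")
    host = values.get("HostName", "")
    if not domain or not host:
        problems.append("output is missing a Workstation domain field")
    if "." in domain or len(domain) > 15:
        problems.append("DomainName looks like a DNS name; the NetBIOS name is expected")
    if "." not in host:
        problems.append("HostName is not a DNS name; the machine may not be domain-joined")
    return problems

if __name__ == "__main__":
    found = policy_values(SAMPLE)
    print(found, check(found) or "OK")
```

On a real machine, pass the captured command output to policy_values() in place of SAMPLE.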
Category: Configure
Solution Id: 1059636