BigSnowBall.com

Because Snowball Was Taken

Changing Password for Check Point Full Disk Encryption

I have Check Point Software’s Full Disk Encryption (FDE) on my laptop and my password recently came up for changing. I have to change my password on my corporate server for email and corporate access as well as on my Windows machine. I do not log into the Windows Domain. If I did, I might be able to change my Windows and corporate password in one step. But I’m a rebel who doesn’t play nice with corporate IT policy. And I’m willing to pay the price for my bad attitude.

Once I verified that my corporate password was changed, I rebooted my computer to change my FDE password. On the FDE login, there is a button to change the password. So, that’s the direction I went.

I did so, and the computer started fine. Single sign-on worked as usual. Once my desktop came up, a Check Point popup appeared in the lower right telling me that my password was successfully synchronized. Cool. Good to go.

However, on my next reboot, Check Point would not take my new password. I had to enter my old password to log in.

After some experimentation I found that the synchronization popup was telling me that Check Point had copied my Windows password, not that it had made my Windows password match the new value I entered in the Check Point dialog.

So, the proper way to change your Check Point password is to forget the Change Password button on the logon dialog altogether. It does not work. Instead, once you are in Windows, use Control-Alt-Delete to change your Windows password. Once you do, the Check Point popup appears telling you it has synchronized. So Check Point follows Windows, not the other way round.

NOTE: In writing the article I changed my Windows password temporarily to force the synchronization popup to appear. Then I changed my Windows password back. (The synchronization popup appeared as usual.) Upon reboot, however, Check Point would not accept my password. I had to enter the temporary password.

So, it appears that when you change your Windows password, Check Point does copy it, but only the first password changed per session.

Can we all say, “cheeseball?”

When you change your Windows password, then, it’s probably best to immediately reboot and make sure Check Point accepts your new password as expected.

Comments

Michel,

– there is an option under Check Point E80.30 and (new) E80.40 release that regulates the synchronization between Windows and Pre-Boot password. It allows you to define the direction of synchronization in a way that the change of the Windows password updates the Pre-Boot one and vice-versa.

I am not sure whether this option exists on former versions of the software (I don’t know which software version you are running either), but you could check that with your IT department.

Cheers!

Jure