Use case 2: Network login for all AD users

Two use cases:

  • An employee (new user) needs to log on to a particular client computer in Windows, even though the user has never logged on there before. The client computer is connected to the corporate network.
  • A user has forgotten or changed their password. No challenge-response procedure needs to be performed when the client computer is connected to the network. The administrator can reset the Windows password and the user can log in to the network PBA via AD. If the AD logon is successful, a single sign-on into Windows takes place and the new user credentials are synchronized back into the PBA.

Follow these steps for configuration (the settings on the other tabs are explained in the corresponding descriptions):

  1. Select the basic setting Enable network pre-boot authentication.
  2. Select Allow automatic logon to the network.
  3. Keep the check mark at Allow other logon methods.
  4. Leave the default value for failsafe at 3. This ensures that the other logon methods become unavailable only after 3 successful network logins. This option is intended both for testing and as a failsafe.
  5. Select Allow logon via the Active Directory (AD).
  6. Select Allow network logon for all AD users.
  7. Depending on whether you want to enforce network logon, select or clear the User logon must only occur via network authentication option.
  8. Leave the default value 3 at Number of automatic retries until network connection is established.
  9. Likewise, you can leave the pauses between retries at 5 seconds.
  10. Apply your changes by clicking OK.