Endpoint Encryption

Hello all.

We use PIV cards as tokens to authenticate to SEE at preboot.

Every 3 years, we have to update the certificates on the card, although the card stays the same.  Will this do anything to the registered user?  If so, is there a way to automate this so that we don't have to do a manual unregister/register type of function?  I have almost 500 to do!

Thanks!

Mark Housler
mhousler@nassconorfolk.com

------------------------------
Best regards!

Mark Housler
Help Desk Manager
GD NASSCO-Norfolk
mhousler@nassconorfolk.com
------------------------------

Mark, 

A feature was added in SEE 11.3.0 to detect this change automatically.  The software should detect the key change on the card, determine it already has a user with the same username and update the records on the disk with the new key.  You can read about the feature in the 11.3.0 release notes here: https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/information-security/encryption/generated-pdfs/symcEE_11.3.0_ReleaseNotes_en.pdf  The feature is described under the "Seamless support for smart card rekey or replacement" section.  

Josh
Original Message:
Sent: 10-14-2020 12:42 PM
From: Mark Housler
Subject: Update user registration for token users

Hello all.

We use PIV cards as tokens to authenticate to SEE at preboot.

Every 3 years, we have to update the certificates on the card, although the card stays the same.  Will this do anything to the registered user?  If so, is there a way to automate this so that we don't have to do a manual unregister/register type of function?  I have almost 500 to do!

Thanks!

Mark Housler
mhousler@nassconorfolk.com

------------------------------
Best regards!

Mark Housler
Help Desk Manager
GD NASSCO-Norfolk
mhousler@nassconorfolk.com
------------------------------

Thanks so much!!  I ran into a few problems but they were obviously not related to this. Hallelujah. 

------------------------------
Best regards!

Mark Housler
Help Desk Manager
GD NASSCO-Norfolk
mhousler@nassconorfolk.com
------------------------------

Original Message:
Sent: 10-14-2020 04:20 PM
From: Joshua Johnson
Subject: Update user registration for token users

Mark, 

A feature was added in SEE 11.3.0 to detect this change automatically.  The software should detect the key change on the card, determine it already has a user with the same username and update the records on the disk with the new key.  You can read about the feature in the 11.3.0 release notes here: https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/information-security/encryption/generated-pdfs/symcEE_11.3.0_ReleaseNotes_en.pdf  The feature is described under the "Seamless support for smart card rekey or replacement" section.  

Josh
Original Message:
Sent: 10-14-2020 12:42 PM
From: Mark Housler
Subject: Update user registration for token users

Hello all.

We use PIV cards as tokens to authenticate to SEE at preboot.

Every 3 years, we have to update the certificates on the card, although the card stays the same.  Will this do anything to the registered user?  If so, is there a way to automate this so that we don't have to do a manual unregister/register type of function?  I have almost 500 to do!

Thanks!

Mark Housler
mhousler@nassconorfolk.com

------------------------------
Best regards!

Mark Housler
Help Desk Manager
GD NASSCO-Norfolk
mhousler@nassconorfolk.com
------------------------------