- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
SecurID asking for "device password" (one was never set)
So I built a Windows 10 image for my company and included the RSA SecurID software in the image (I installed the software under the built-in Administrator account and did not configure anything in it). Then I used Sysprep to generalize the image and then I captured it to a .wim file.
After deploying the .wim file to a company laptop using SCCM (which automatically joins the laptop to the domain), I logged into a domain account. When I opened SecurID, it prompted me for a device password. The exact error was
"The token database on your hard drive is protected by a password"
The thing is...I never set a password. I eventually fixed the issue by uninstalling and reinstalling the software while logged into a domain account. But this still doesn't explain why the issue happened in the first place. This is extremely frustrating.
Any help or insight is greatly appreciated.
Thank you,
Brandon
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
If you did not put a Password on the Soft Token when you distributed it, or if you do not have a token imported yet, Then this password prompt really means Windows cannot figure out the decryption of the Token database, which by default is based on some specifics to that Windows platform, including some registry entries, which are no longer the same after Sysprep generalizes the PC. You might get lucky following Knowledge Base KB article - 32832 | How to disable device password on the windows software token application 4.1, which you could find on this site, but the 'fix' in this KB is to Create a DWORD entry DisableSetDevicePassword with data value of 1 under
Registry Location: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA\Software Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Problem solved by deleting the database file named RSASecurIDStorage under the "C:\Users\Default\AppData\Local\RSA\RSA SecurID Software Token Library”
Apparently Sysprep corrupts the database. By deleting the database on the default user account before logging in as any domain user, this problem gets solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
If you did not put a Password on the Soft Token when you distributed it, or if you do not have a token imported yet, Then this password prompt really means Windows cannot figure out the decryption of the Token database, which by default is based on some specifics to that Windows platform, including some registry entries, which are no longer the same after Sysprep generalizes the PC. You might get lucky following Knowledge Base KB article - 32832 | How to disable device password on the windows software token application 4.1, which you could find on this site, but the 'fix' in this KB is to Create a DWORD entry DisableSetDevicePassword with data value of 1 under
Registry Location: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA\Software Token
