First post be kind, I am currently pushing encryption out to all my laptop users. we are using single sign on with a 2 hour sync schedule. The problem I am seeing is that the users are being prompted to change their windows AD password, which they are doing. then they walk away from their machine which automatically locks after 15 mins (AD policy) then when they try to unlock it it won't let them. they are telling me they have tried their old password too ?? any ideas. i am going to try and replicate this latter today.