I ran into some trouble with a user where they basically got their userid locked out of their machine at the pre-Boot. Self recovery is disabled. I was able to gain access with my admin ID to the machine, however it did not fix her issue with her ID on the machine. It would appear that the password is not sync'd properly with her windows password. SSO is enabled.
I had a hard time finding where to go to fix this using the "EEv6 Product Guide", although I may have found the answer by searching the forums and eventually rooting through the v5/v6 comparison doc, which states the following lines:
How do I configure users?
After you check the Endpoint Encryption Admin extension in to ePO, the menu will include a Data Protection tab. This tab has an option for Endpoint Encryption user management. Endpoint Encryption management allows you to select users from Active Directory and assign them to the client systems. Some actions can even be performed through the ePO reporting interface. For example, when you run the User query and drill down into the report, you can perform actions such as Clear SSO details, Force user to change password, Reset Token, and Edit user information.
How do I configure user properties?
User properties are configured in the User Based policies and from the Queries-->EPE User-->Actions (User information, Reset tokens, and Set SSO details).
I checked those out, however, I am still not clear on what the function "clear sso details" does and how is that different from "reset token".
Does reset token mean the user credentials or a authentication token. The information is not exactly clear.
Also when trying to access the Help screen under the EE User Details section under the Queries, I get "If you're viewing this topic, the context-sensitive Help for this managed product is not installed.", which I would take to mean that the help section is incomplete as the EE help comes up fine in other screens in EPO.
I would also have to add that the available admin documentation for the EEv6 product is very unsatisfying and hard to find. If I could find an actual "Admin Guide" that went into more detail for all the options of the tool and where they all hide in EPO, on par with the v5 admin doc, that most of my questions would probably already be answered and I would not have gotten into some of the mess I find myself in now.
It is a pain of moving away from EEPC 5.x framwork into 6.x, ePO based administration.
It looks like that pain is felt on both sides: by vendor and user.
As for "Does reset token mean the user credentials or a authentication token. The information is not exactly clear.", that token is normally a password. Password for EEPC user. So it is a part of pre-boot credentials.
Clearing SSO details might allow for EEPC User <-> AD User bonding to be reestablished again, if neccessary.