I realize my last post was a bit too much information, so I've rephrased my questions about EEPC 6.0.2 in short:
1. Yes, most likely
2. No - this is the way most people wanted it to work - the thought is that most of the time the two passwords are the same, so if the user forgot one, we should make them change the 2nd as well. peter_eepc was a particularly vocal supporter of this change if I remember.
1. Good to hear that.
2. I agree with you that after a reset of the user password in the preboot authentication, the SSO details should be reset: the user has forgotten his password, so it would be weird if that user would be logged in in Windows with a password he doesn't know.
However, this comes in handy (hence my question) when the user is at home: he recovers his password in preboot authentication, is logged on to Windows with his cached credentials, has his Windows password reset by a servicedesk employee and sets up a VPN connection (with his new Windows password). He then changes his password in Windows (over VPN) and the passwords are in sync again.
The way it works now (in 6.0.2) is when a user does a recovery in preboot authentication, he's stuck at the Windows prompt. Any ideas on how to overcome that issue when the user is at home? Even if his Windows password is reset by a servicedesk employee, the computer will never be able to verify it, because there's no connection with a domain controller.
By the way, I also dropped this question with McAfee Support and they say both issues will be resolved in a new release: 'The questions you have mentioned below are currently not resolved in EEPC 6.0.2 release, but those will be resolved in feature release.'. Who should I believe?
One more question regarding this: in Windows XP, the default Windows XP logon screen is shown when SSO was reset after a recovery. In Windows 7 the default Windows 7 logon screen is replaced by another logon screen. We use an extra 'Password Reset' option, that is shown in the logon screen. In Windows XP, this button is still shown (because the same logon screen is shown). In Windows 7, that button isn't shown, because the logon screen has been replaced. Will the original Windows 7 logon screen be shown in future releases? Or is this by design and it is impossible to use the standard Windows 7 logon screen to capture the credentials for SSO in EEPC?
We wouldn't have a solution for that. The user would be locked out.
That's why we liked the way it worked in Windows XP with EEPC 22.214.171.124: the user would be logged on with SSO.
I know it's a MS issue, that's why I'm stuck here :-)
I'm never able to logon to my computer with my domain account if I don't have a domain controller connection (after the servicedesk reset my password on a domain controller).