We're having some issues where users are prompted to change their domain password as they are nearing expiration. They press CTRL-ALT and DEL, change their password then continue to work. It's my understanding that the this action should immediately update the credentials on the local machine, and during ASCII synchronization upload the new credential information to the EPO database. From there, EPO synchs with all other machines that user has access to, and updates their local EEPC database so that the user can log in with the new credentials.
What we're seeing is that - if the user immediately reboots after changing their Windows/Domain password, the credentials are immediately cached properly and they can log back into McAfee at the preboot screen. If they change their password and don't reboot until the end of the day or wait to start back up the next day, they cannot log onto the McAfee preboot screen with their new password.
Is it possible that the password change is not being uploaded properly to EPO, and when synchronization happens, EPO actually over-writes the local PC with the old credentials for preboot authentication?
This is EEPC 6.1.2 - 314
conceivably yes, IF the user is using other machines as well - Password changes get replicated around based on timestamps so if the user is logged onto two or more machines, conceivably they can do something which will cause the password of that machine to get pushed up and out.
I see what you're saying but I don't think these users have logged on to another workstation when this has happened.
Currently, we assign users by group and we also have the option to add local domain users enabled. Could this cause problems if the local user added was also in the group added?