When I recover the password in Endpoint, I could pass the endpoint login screen, then the user will have to login to Windows with their AD account.
With the SSO enabled, when user called to report that they forgot their password, which means they don't know their windows password as well.
Most of our Endpoint users are remote users with a laptop, they need to login to Windows in order to sign-in to VPN.
We are currently using safeboot, when I recovery the safeboot password to 12345, it also login to Windows, so the user can change their windows password, and sync the new password to safeboot.
How is everyone handle the password recovery in your environment? thanks
How would you handle that situation with no EEPC installed, in the same scenario:
User forgets domain password, but needs to login to Windows to start VPN and have password reset?
Isn't that MS problem?
yes, it's gone in 6 - some people (Peter ) argued that it was confusing for SafeBoot to keep logging the user in with credentials that they no longer remembered. Plus it was argued by others that we had no justification for adding remote password reset features, that was the responsibility of other products which provide a rich unified password management feature set.
so, it got dropped.
It is a very handy feature. I know there are other tools that can perform password reset, but we don't have one in place, we were using safeboot to handle this kind of situation.
For a normal user, it will will too much for them to go here and there to reset different password, and this will just cost more work for the helpdesk to assist the user.
As I have already stated, this is a MS problem, so you should go to Microsoft to obtain best practice advice in situations like yours.
Of course third party SSO products do help, but they need to be implemented properly to reduce, rather than increase, number of HelpDesk calls.