We have an issue where if we change a user's password in Active Directory (e.g. because of a forgotten password or account lockout), the updated password is not being caught by the McAfee agent (either via a local Collect and Send props or an agent wakeup from ePO) and updated for the user's login.
Does anyone have an idea of what may be causing this issue?
Passwords that are changed locally on the machine (e.g. via C+A+Del + Change Password or by a password expiry prompt) seem to be being caught at the moment.
Solved! Go to Solution.
We have a similar issue. Can you share your workaround with us?
Director, IT Ops
AIDS Healthcare foundation
MDE 7.1.3 has a new feature to Detect and notify of password changes in Windows Active Directory. More informaiton can be found in the MDE 7.1.3 release notes PD25903.
Note: The option is found under Enable SSO called "Periodically check domain credentials for changes, and ask the user to re-capture their Drive Encryption password if required"
Although the change is not captured in AD, the client will check if the credentials stored in the Preboot File System are current and prompt the user to lock and unlock the cleint if they are not.
Can't rememeber exactly what we did back then as it was a few months ago. If this issue pops up now, we enforce a password reset from the desktop and then run an agent wakeup on the endpoint, so that the Agent captures the password changes and passes it back to ePO.