WWe have noticed that on some machines (windows 7), SSO works on a fresh system boot and allows successful password changes and subsequent logons. However, on letting the system hibernate a user has to use the old password to gain access. Please note that the laptop was connected to the network during the password change and we have also forced the agent to collect props and update policies from the server.
I can't see how what you describe is possible - the pre-boot is the same whether you cold boot or hibernate - There's no way it can accept password A during a boot, and then password B after hibernating, unless password B also works on subsequent boots.
Syncing the windows password into pre-boot is not dependant on any EPO activity. It happens straight away (or not).