A user is using MDE 7.1 on Windows 7 using SSO.
Their Windows password expired, so they changed it on that workstation. After rebooting, they are unable to log into PBA with new password or old password.
It appears that the McAfee password requirements policy is more restrictive than the Windows password policy, so it would not accept the new Windows password.
EPO was used to delete the user's encryption account and then we logged into PBA using administrator credentials.
The user then logged into Windows and changed their Windows password to a more complext password.
We then used the McAfee status monitor GUI to update policies until the it said encryption users had been updated
We then rebooted the PC expecting the user to be able to log in as a new user and create a new password and new recovery questions, but this did not happen.
It still wanted a "current" password and it still didn't work with the new password and said the account was disabled
We then used administrator recovery to reenable the disabled account.
User still cannot log in.
We then tried using administrator recovery to reset the token.
Now it says "account expired" and the user still cannot log in to PBA.
How can we remove this account from the workstation so they can log in using their reset account as if they are a new user who is logging into PBA for the first time?