I manage about 1000 laptops for our fiem ... all of them encrypted. I basically have two questions:
1 - When are passwords synced with Preboot? Ctlr-alt-del changed and/or foced change via expiry in AD.
2 - Loaner laptops have been brutal to manage for 35 offices world-wide. When a desktop user requests a laptop the user needs to be added to the encrypted laptop. That part is fine. The problem is when the same user comes back for another loaner months later a user recovery is necessary because they have since changed their Windows password. Is there any way around this? Other than purging the user when they return each loan
DanMessage was edited by: dmvdhil on 5/6/14 12:03:10 PM CDT
1. When either of these actions occur on on the machine
2. If the laptop is in regular use, the passwords will be updated constantly. If it's sitting in a drawer then it's not going to get the updates obviously. Leaving it on beforehand so it can sync with epo should solve this.
If the policy is configured for recovery questions, you can have the user go through Self Recovery, as, unlike passwords, the answers to the questions do not change unless the user has taken action to do so.
We usually tell the user to first try their 'last password" if they can remember it, then, the recovery questions, and THEN administrative recovery.
Also, our loan pool normally reimages the systems after they are returned anyway, so, it's not a big issue for our loaners.