I am just trying to understand how the the password syncronization works between a user changing their AD password and Syncing it up with the EEPC 6 (ePO) , i am experiencing an issue where users are changing their Windows AD passwords every 60 days, when they get the option to change the password they do so, but the time it takes to sync up with the EEPC 6 pre-boot password seems to take an extremely long time.
I have read the EEPC 6 product guide and have noticed that all we sync up with the EE/AD SYNC task is the containers and any new users, what i would like to know is how is the AD password for a user updated in the EEPC (ePO) side ? forcing ASCI doesnt get the password synced any quicker.
any information on how this works would be greatly appreciated.
If they change their password on their machine via Ctrl+Alt+Del it should sync the preboot password (well thats what my testing has proved)
You can also change the EEPC part of the password using the "change password" option when the machine is locked/or at PBA.
Thats what i have gathered so far from my limited usage.
I'd like to add one question to the password sync topic (I hope I won't hijack you thread). Is there a "best practice" to mitigate the risk of having default passwords (12345 or any other I'd define in the policy) all around the company? As far as I know the only possibility is to assign one user to one endpoint and I can be sure, the user will be forced to change the default password.
But in some scenarios I have to assign more users (eg. whole group) to the endpoint, but I can't be sure, everyone will change the default password. Some users could have it on the machine forever, which could be pretty serious weakness (please, don't take this as an offense, I'm trying to use the encryption in best way possible).
I guess the mitigation is that the password is reflected between machines, so you only have to change it on one - then it will get bounced around your environment to every other machine their account is allocated to?