This content has been marked as final. Show 11 replies
actually, Windows has a bad habit of accepting old passwords - it validates locally, and only goes to the domain if the local validation fails.
eventually Windows will catch up with the password change and wil prompt the user for the new Windows passoword - this is quite normal behaviour.
try it yourself - change your password on one machine, then log out another and try to log in with your old Windows password.
I'll certanly accept that Windows does odd things, but as long as the machine has a network connection to the domain I have never seen one accept an old password. There certainly are things going on under teh covers that I don't know about that may make this fit some flowchart MS has created.
My real concern here is why can the user move around the domain with the old password? The client must have that new password somewhere, and it did prompt the user for the new password once, SafeBoot just didn't synch when it had the chance.
In the end my original question still stands. When this happens to a user, is here a way to FORCE the two passwords to synch back up? Our users move between dektops (not encrypted) and laptops (encrypted) regulary so having two passwords for the network will not go over well.
If the SafeBoot password is "Old" and Windows password is "New", then as a quick workaround, just have the user set their SafeBoot password to match what Active Directory has. You can do this one of three ways:
At pre-boot by selecting "change password"
In Windows, Ctrl+Alt+Del, Change Password, select "SafeBoot Network Provider" (or whatever the exact text is)
Perform a user recovery for the affected account (or reset to default, force synch, and have them set it right.
As far as why it happened, have you read any of the other password synch docs here? Check SB password complexity settings or UPN issues with certain SB versions.
Apologies for going slightly off topic, but what is the "SafeBoot Network Provider"?
Thanks folks. The complexities are good. I've read many of the threads, but didn't see the same problem mentioned.
Having to reset the password is a bit of a pain, but if that is what we have to do then I guess that is what we have to do.
JMB - I ran into the same thing where SafeBoot knew what the new password was but didn't keep them in synch. So I'd login to SafeBoot using my old password, but SafeBoot would pass the proper password into Windows. If I locked Windows or had to logout, I would unlock or login using the new password, but SB would only accept the old password.
If you paste what your settings are from the SafeBoot console for one of the machines you're having a problem with, I'm sure the rest of us would be happy to comment.
sounds like safeboot updated the SSO details for the user only. You can have it where safeboot has one login and password and single signs you into windows with a completely different ID and password.
This is a sporadic event. It works most of the time so I just had teh user change her safeBoot password to match teh Windows password and I'll kepp an eye on her account next password change.
I have a user who changed their password while at home last night. Today after getting in to the office and forcing a change for the user to a new Safeboot and new Windows AD password, he still gets the error 0xe0050016 incorrect user logon. If the user reboots the machine, he gets the same error message.