This content has been marked as final. Show 1 reply
Basically Safeboot doesn't know what your password is unless you told it that.
When you're changing your password on a machine that has safeboot client installed, safeboot intercepts the change password request, it knows what is send to windows as new password, it is then possible to set the safeboot's password to be the same.
Once a user sets passwrd in AD (no mater how would they do that) it is not possible to recover the password. Let's say user is working from home on private laptop, they want to access corporate mail - they are able to because your company offers webmail solution to its employees. But the password is expired, so the user is asked to set new one.
The user's password in AD is then changed, next time they'd like to logon to windows they have to use new pass. Safeboot doesn't know that the password is changed, it cannot get that information from AD (basically nothing can, even being domain admin you are not able to recover passwords - in theory it is impossible). You have standard passwords mismatch then, to make the passwords the same again you have to change your safeboot password manually or, once logged to windows (passing through safeboot boot using old pass) change your windows (domain) password again.