1 of 1 people found this helpful
They know how to perform boot-once procedure, if local support account has a password problem.
Complex password enforcement and long password expiry periods are also being used. No SSO.
Ours know how to do resets, they just get sick of doing it all week long. For them it's a hassle, for the organization it's additional cost.
Part of the solution in the end was to take them off SSO (thanks for the recommendation) by changing their EE usernames so they don't match their AD usernames . I also wrote a little app which "catches" their EE password resets and runs as a service that resets their password to that same value every 20 minutes, 24/7, until the next time they change it. Requires that they use a web form on our intranet as the front end for all their password changes in EE. Inelegant, but it's working. No lockouts for two days, which has never happened before. Thanks for your help.