If you have implemented MEE 5.2.3 or generally 5.x, could you please give your suggestions on the following:
How are you addressing the problem of password resets? I'm getting a lot of heat on the length of the challenge response (esp. the response, which the user has to type with 4 lines of code). I have set the recovery key size to 128 to have a balance between security and functionality. Do your users "really" have the patience to type the four lines of code while being on a call with tech support?
When you're syncing AD users, do you generally sync to a controlled user group or an uncontrolled user group? I would think that certain attributes like logon hours, password expiry or account validity etc. will be different for different users though they are in one AD group. So obviously if I drop them in a controlled group, I would expect them to 'lose' these values and inherit the group's properties, which is a no-no. However, if I want to configure the number of password attempts or timeouts, I cannot configure that for each and every user in an uncontrolled group. So how do you tackle this scenario?
What is the use of having a password reset option in the web help desk or even in the endpoint encryption manager for users that have SSO enabled? Yesterday I had UserA reset his password (for example, passwordxyz) via the web help desk, and strangely enough, after the reset at the Preboot, I was expecting UserA to be stopped at the Windows interactive logon (as the new preboot password passwordxyz would not match his regular Windows password). However, UserA was not stopped and it went all the way through to loading the desktop. I had asked UserA to do a sync, reboot and try it again. UserA typed his new preboot password -- passwordxyz -- and voilà, the SSO happened again without any problem. So now, on the device where the user reset his preboot password, he is able to log in with his preboot password multiple times and does not have any problems at SSO. How does this happen?
Thanks very much