1. it clears the stored Windows credentials associated with an EEPC user. Use it when you want EEPC to pick up new creds for them.
2. resets a token back to its default state - clearing incorrect login counts, password history etc. Has to be supported by hard tokens though - some simply don't support this feature. You use it when the user has forgotten their password, but not yet disabled their token (then you use recreate token).