Do you mean Windows administrator password?
ePO won't help you with that I think.
I'm using PowerShell to send me an e-mail when some event happens on a server.
No i mean that when user forogot password to EEPC pre-logon screen, and somenone from the HD staff reset token for the user administratively (Encryption Recovery option in the ePO)
I see that there is and Event ID 30005 on the client events list when this procedure was happen, but when the user is offline or in the other network (out of office), ePO server not collect events.
In the User Audit log i can find that password (token) for the user was reset, but i cannot set response when server place this action to the audit log.
Hope u understand now.
Hmmm... sorry then but, I don't have this software installed to test it and try to help you.