1. When either of these actions occur on on the machine
2. If the laptop is in regular use, the passwords will be updated constantly. If it's sitting in a drawer then it's not going to get the updates obviously. Leaving it on beforehand so it can sync with epo should solve this.
If the machine is on but at the PBA how possibly is it communicating w ePO?
On and being used I meant.
If the policy is configured for recovery questions, you can have the user go through Self Recovery, as, unlike passwords, the answers to the questions do not change unless the user has taken action to do so.
We usually tell the user to first try their 'last password" if they can remember it, then, the recovery questions, and THEN administrative recovery.
Also, our loan pool normally reimages the systems after they are returned anyway, so, it's not a big issue for our loaners.