I know in EEPC you can add previously logged in local domain users as Encryption Users in ePO. The EEAgent looks at users who have previously logged on and then creates a token for them to log into the Pre-Boot Environment; with their previous password they used. However, how does this work with Common Access Card users? I have CAC users who exist on the domain, and I know the username is authenticated in the pre-boot environment. Does their pass/pin copy over as well?
For smartcard users, they will be added to the list of encryption users on the machine. If they have already been added to a machine, and they have logged in, then their token info will be stored in the EPO server, and will be downloaded to the new machine with the ALDU policy.