Best practices for Windows password updates/changes for Symantec Endpoint Encryption Full Disk with Single Sign On enabled.
Last Updated December 11, 2014
1) Your Windows password has expired on a SEE Full Disk encrypted machine with Single Sign On enabled.
2) You would like to change your Windows password on a SEE Full Disk encrypted machine with Single Sign On enabled.
Windows password changes are not syncing with SEE Full Disk.
Windows password changes when using Single Sign On with SEE Full Disk
If you are using Single Sign On (SSO) on a computer encrypted with SEE Full Disk please observe the following best practices from page 57 of the SEE Full Disk 8.2.1 Installation Guide:
If Single Sign-In is enabled, password changes must be initiated by the user on the local workstation. Administrators cannot reset users' passwords from the server. Third party password change tools such as SSPRM are not supported.
**Note: The recommended method of changing the Windows password is CTRL-ALT-DELETE. Users may encounter problems if they change the password by other methods. Reboot is required after changing the Windows Password.
Procedure for Expired Password
For expired Windows passwords, please observe the following best practices from page 55 of the SEE Full Disk 8.2.1 WIndows User Guide:
Your administrator may have set a policy that requries you to change your password after a set period of time. For example, you may be forced to change your password every three months.
Windows will prompt you to change your password each time you log on. Before proceeding to change your password, power the machine off and then back on. Complete pre-boot authentication. Then go ahead and change your password as prompted.