Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Desktop Management
Personal IE certificates and EFS stop working after password change when using a DLU policy.
Ensure the profile is not volatile via policy or ensure that "volatile user caching" is enabled on the workstation.
Additionally, set the following registry key:
If the "Use eDirectory Credentials" is not specified in the DLU policy, the"PreserveDLUBinaryData" registry key does not appear to prevent IE Certificates and EFS from breaking.
(Note: If"Use eDirectory Credentials" is not specified, the local password will change at each logon, even if the user's eDirectory password does not change.)
Fixed in ZENworks 7 Desktop Management Service Pack 1 Interim Release 3a, available at https://download.novell.com
This problem can be caused if the User account has the flag "User cannot change password" unchecked. DLU by default will check that option when the account is created. That option can be unchecked manually or by a policy, and if it is unchecked that gives the user the option to bypass DLU when the password is changed.