Personal IE certificates and EFS stop working when the local windows password changes

  • 3724689
  • 03-Oct-2007
  • 30-Apr-2012


Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Desktop Management


Personal IE certificates and EFS stop working after password change when using a DLU policy.
Ensure the profile is not volatile via policy or ensure that "volatile user caching" is enabled on the workstation.
Additionally, set the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Workstation Manager]
If the "Use eDirectory Credentials" is not specified in the DLU policy, the"PreserveDLUBinaryData" registry key does not appear to prevent IE Certificates and EFS from breaking.
(Note: If"Use eDirectory Credentials" is not specified, the local password will change at each logon, even if the user's eDirectory password does not change.)


Fixed in ZENworks 7 Desktop Management Service Pack 1 Interim Release 3a, available at

Additional Information

This problem can be caused if the User account has the flag "User cannot change password" unchecked. DLU by default will check that option when the account is created. That option can be unchecked manually or by a policy, and if it is unchecked that gives the user the option to bypass DLU when the password is changed.