Personal IE certificates and EFS stop working when the local windows password changes

Document ID:3724689
Creation Date:03-Oct-2007
Modified Date:30-Apr-2012
- Micro Focus Products:
  ZENworks Desktop Management

Environment

Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Desktop Management

Situation

Personal IE certificates and EFS stop working after password change when using a DLU policy.

Ensure the profile is not volatile via policy or ensure that "volatile user caching" is enabled on the workstation.

Additionally, set the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Workstation Manager]

"PreserveDLUBinaryData"=dword:00000001

If the "Use eDirectory Credentials" is not specified in the DLU policy, the"PreserveDLUBinaryData" registry key does not appear to prevent IE Certificates and EFS from breaking.

(Note: If"Use eDirectory Credentials" is not specified, the local password will change at each logon, even if the user's eDirectory password does not change.)

Resolution

Fixed in ZENworks 7 Desktop Management Service Pack 1 Interim Release 3a, available at https://download.novell.com

Additional Information

This problem can be caused if the User account has the flag "User cannot change password" unchecked. DLU by default will check that option when the account is created. That option can be unchecked manually or by a policy, and if it is unchecked that gives the user the option to bypass DLU when the password is changed.