We have a situation where a user is forced to change their password after it expires. They change it successfully on their laptop, but they also have previously logged into another laptop in the building. That other laptop ends up locking out
the user account because it's using cached credentials which are no longer current. Our environment uses a Cisco Identity Service Engine for wireless connections, so the event logs always shows that the source of the lockout is the Cisco Identity
Service Engine. This makes it hard to find what other laptop the user has been logged onto before. It there a way to force those other laptops to "logoff" the user when he/she changes their domain password so they don't lock the account? In other words....if they change their domain password, all their other active sessions on other computers are logged off.
- the problem of having an open mind is, there is always someone trying to put something in it.