Automatic resetting of shared account passwords (on the schedule defined in the password policy) seems to be working only if the account is checked out / checked in previously.
Recently I've imported a set of endpoints and noticed the passwords are not being changed automatically. The event *does* fire and the task runs, but skips the accounts if they never have been checked out/in. On the ACCOUNT_PASSWORD table, I've observed that various fields are NULL, including:
This is for the accounts I've mentioned, those never been checked out/in. For other accounts these fields have values and their passwords are being changed on the schedule defined in their policy. Using the "Automatic Password Reset" task should work, but it does not allow if there's multiple accounts chosen. Gives the error:
"The endpoint administrative account ***** cannot be selected with other accounts for this task. Please deselect it."
However, it's fine if you select only one. So is this an expected behaviour, or am I missing something? I've not been able to find detailed information about the process.
Here we are discussing two different things.
The first part :: Password of the accounts that are not checked-in/checked-out even once, the password reset does not happen as per the password policy schedule, this is as per design. The application does not capture the password of such accounts and hence the firelds the DB also have the NULL value and this can't be modified. Currently this is as per design.
You can post this as an idea in here.
The second part needs to be investigated further.
Thanks and Regards,
Please open a support ticket if you need the issue to be investigated further as suggested by Reatesh.
Sorry for dropping late: Thank you Reatesh, this is a really descriptive and precise answer. What I was really concerned was the first part, so for the second I'll try to do more analysis.