Automatic resetting of shared account passwords (on the schedule defined in the password policy) seems to be working only if the account is checked out / checked in previously.
Recently I've imported a set of endpoints and noticed the passwords are not being changed automatically. The event *does* fire and the task runs, but skips the accounts if they never have been checked out/in. On the ACCOUNT_PASSWORD table, I've observed that various fields are NULL, including:
PASSWORD_LAST_MODIFIED_BY
PASSWORD_LAST_MODIFIED_DATE
PWDCHG_INIT_BY_TASK_ID
This is for the accounts I've mentioned, those never been checked out/in. For other accounts these fields have values and their passwords are being changed on the schedule defined in their policy. Using the "Automatic Password Reset" task should work, but it does not allow if there's multiple accounts chosen. Gives the error:
"The endpoint administrative account ***** cannot be selected with other accounts for this task. Please deselect it."
However, it's fine if you select only one. So is this an expected behaviour, or am I missing something? I've not been able to find detailed information about the process.