Sophos updating credentials when is it time to end a dating relationship
SSPR solutions typically allow a user to easily reset her Active Directory password.
This is great when a user is authenticating directly against a domain controller but not so good when a user, especially a remote user, is logging onto a machine or a VPN connection using Windows cached credentials.
Then all kinds of problems can occur when a user tries to access domain resources and the main problem is repeated account lockouts because the Windows client is passing invalid cached credentials to a domain controller.
First and foremost, it’s not possible to reset cached credentials when an AD password is reset.
In this case the kernel isn't supported and the result is that on-acceess scanning is disabled.
Once they have expired, Sophos will no longer be updated, and your computer will be more vulnerable to new viruses etc.
Cached credentials allow a user to access machine resources when a domain controller is unavailable.
Thanks Suggest you check out - Not all Enterprise feature is available in Central and it is in progress.The important part here is that the user is not authenticating directly against a Windows domain controller for authentication.An SSPR solution allows the AD credentials to be reset but does nothing to affect the cached credentials on the client machine.Basically, this scenario—supported with solutions like Web Active Directory’s People Password product—occurs when users who don’t regularly log directly into a domain and authenticate against a domain controller forget their Windows password.This includes VPN-connected users as well as users who take advantage of resources like portals that store user credentials in AD.