We have a successful implementation of DSfW and users are able to login to eDirectory and the Domain with a single Novell login name and password on machines with the Novell client (WinXP SP3, latest Novell client).

We already determined that attempting to change the password at login when the password expires does not work. So we prompt users within 7 days of their password expiration to change their password after having already logged in. We use the JRB utility to facilitate this as it understands "properly" the changing of Universal passwords. However, it appears that for the Windows AD (DSfW) password to take effect, the user must reboot. If the secure screen saver becomes locked, users are unable to unlock their workstation.

QUESTION: is there a way around this need to reboot to effect the Windows password change? What is the mechanism of changing the Universal password that seemingly requires Windows to be rebooted for it to take effect?