I have an issue. I have a security policy for custom password parameters. It also uses the "Change password on first notes client use" option turned on. IDVault is configured too. I register a user with this security policy applied (an explicit policy in this case), and assign it an initial password.
Next I use a new multiuser install of 9.0.1 and launch it as that user. I use a configfile to auto configure the client. There is no SSO enabled. The user is prompted for the password. I enter the inital password and client setup completes. I can then access databases on the server. At no point am I prompted to change my password. Now I close the client.
I launch the client a second time, enter the initial password and then I am prompted to change the password "at first logon", even though this is the second login.
I suspect this is a very common issue. It seems as though the policy is only applied to the client AFTER the initial login, and therefore the user is not prompted until the second login.
Anyone seen this before?