Recently, the Desktop Support Desk was contacted with the following question regarding the new DDI Timekeeper system: "When I log into PS Desktop, it tells me my password will expire in several days.  Is it ok to go ahead and change my password at that time?"

The answer to this question is yes and no.   While it is perfectly acceptable to change your password before the actual due date, do NOT change your password inside of Citrix\PS Desktop, for it will surely lock out your account.

The reason your account gets locked out if you change the password inside of Citrix is because you are technically logged into your account on your desktop machine with your "old" password.  In the mornings, when you first turn on your machine, usually you log into the domain using your current password.  If during the day you log into PS Desktop and then select to change your current password to something even newer, the brand new password you change it to is now the acceptable one.  And, the current password you used right before changing becomes the "old" unacceptable one.  But, since you are still logged into your computer with your current (now "old") password, the server thinks your account is trying to be accessed using an unacceptable password and locks out the account in order to maintain security.

Once your account is locked out, there is no way for you to get back into such things as email or the library system without first calling the Helpdesk to have your account unlocked.  Even if you reboot and try using the new "now current" password, it will not let you in until the Helpdesk has unlocked you.

Therefore, the rule of thumb is to NEVER change your password inside of the Citrix\PS Desktop sesssion.