Reset local account password keeps failing. Apparently this is due to the local account being secure token enabled.

So what's the best option?

We deployed a generic local account (standard user) to a lab. For some reason the account works fine, then the next day, no one can login. Like the password changed. To avoid having our techs constantly resetting the local account password, I wanted to deploy an ongoing policy that resets the password, but that's not working.