At one particular client, I noticed that a couple of newly-imaged 10.10.x clients had different settings by default. One had the "Synchronize login keychain password with account" option enabled, one didn't.
Today I had time to check at another client that has about 100 seats, all imaged to 10.10.2, some updated to 10.10.3, within the last month. 85-90% of them had this option checked, the remainder had it unchecked, and it is unlikely that a previous user preference was migrated, or that these users even had reason to open Keychain Access.
I was able to view it via (running as the user):
defaults read ~/Library/Preferences/com.apple.keychainaccess.plist SyncLoginPassword
I was able to fix it via (running as the user):
defaults write ~/Library/Preferences/com.apple.keychainaccess.plist SyncLoginPassword -bool YES
Wondering if anyone else can confirm that this login.keychain password synchronization isn't consistent by default across multiple computers in an enterprise.
On my few test 10.10 Macs, the option is enabled, but the entry in the plist doesn't actually exist. Running the defaults read command just generates an error and upon closer inspection, that item isn't there. Yet, it's enabled, so on my systems at least, it's getting this value by default from somewhere.
Noticing a quirk in this setting myself this morning, I did some digging around and spotted this thread, so thought I'd add what I discovered.
I've found that if you use Keychain Access to update the login keychain password then this setting will get disabled automatically.
Additionally, if someone chooses "Continue Log In" when shown the Login Keychain UI during login then enters the correct password on any prompt that asks for the keychain password, this will also disable the setting.
I hope this helps to explain why there may be some discrepancies between clients.
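An added example, not part of any post in this thread: a shell audit that reports the SyncLoginPassword state for each home folder and keeps a missing key ("unset") separate from an explicit 0 or 1, since the posts above describe both situations. The function names `sync_state` and `audit_users`, the `/Users` layout and the skipped `Shared` folder are assumptions; reading other users' preference files by path requires root.

```shell
#!/bin/sh
# Added example (not from the thread). Uses only `defaults read`, as shown in the posts.

# sync_state PLIST_PATH
# Prints enabled / disabled / unset / unknown:<value> for one preferences file.
sync_state() {
    plist="$1"
    if value=$(defaults read "$plist" SyncLoginPassword 2>/dev/null); then
        # `defaults read` prints booleans as 1 or 0.
        case "$value" in
            1|YES|true)  echo "enabled" ;;
            0|NO|false)  echo "disabled" ;;
            *)           echo "unknown:$value" ;;
        esac
    else
        # Key or file absent. One poster reports Keychain Access can still
        # show the option as checked in this state, so report it separately
        # instead of treating it as disabled.
        echo "unset"
    fi
}

# audit_users [BASE_DIR]
# Prints "<user><TAB><state>" for every home folder under BASE_DIR (default /Users).
audit_users() {
    base="${1:-/Users}"
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        user=$(basename "$home")
        # Assumption: /Users/Shared is not a real account home.
        [ "$user" = "Shared" ] && continue
        state=$(sync_state "$home/Library/Preferences/com.apple.keychainaccess.plist")
        printf '%s\t%s\n' "$user" "$state"
    done
}

# Usage on a Mac, as root:  audit_users /Users
```

Machines reporting `disabled` are the ones where the key was explicitly written, which matches the two triggers described in the last post.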