Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the application 15/223,012 filed on 07/29/2016. Claims 1, 8, and 15 have been amended and claims 1, 8 and 15 are independent claims. Claims 3-4, 10-11 and 17-18 have been canceled and claims 21-26 have been newly added. Claims 1-2, 5-9, 12-16, 19-26 have been examined and are pending.
Authorization for this Examiner’s Amendment was made via email with the Applicant’s representative, Matthew Sanders (Reg. No.: 77,972). Mr. Sanders has agreed and authorized the Examiner to amend claims 1, 8 and 15, cancel claims 3-4, 10-11 and 17-18 and add claims 21-26.  
Examiner’s Amendments
Claims
Replacing claims 1-26 as follows:
1.  	(Currently Amended) A non-transitory computer-readable medium embodying a management component executed by a client device, wherein the management component is configured to cause the client device to at least:
	enroll the client device, through the management component installed on the client device, with a management service;
	in response to enrollment of the client device with the management service, determine that a local security policy stored by the management component on the client device indicates that a password hint is required to be defined by a user for a local password corresponding to the client device;
	extract a Windows Relative Identifier (RID) from a Windows Security Identifier (SID) associated with a local user identity of the client device;
	determine that a registry entry in a system registry of the client device fails to comprise the password hint, the registry entry being based upon the RID;
	prompt a user to define the password hint associated with the local password corresponding to the client device; and
	store the password hint in the registry entry on the client device.
2.	(Currently Amended) The non-transitory computer-readable medium of claim 1, wherein the management component is further configured to cause the client device to at least identify the registry entry on the client device associated with the password hint by determining a user identifier corresponding to [[a]] the local user identity of the client device.
3-4.	(Cancelled) 
5. 	(Original) The non-transitory computer-readable medium of claim 1, wherein the management component is further configured to cause the client device to obtain the SID using a Windows application programming interface (API) call to retrieve the SID associated with a currently logged-in user.
6.	(Original) The non-transitory computer-readable medium of claim 1, wherein the management component is executed as a system process to access the registry entry.
7.	(Previously Presented) The non-transitory computer-readable medium of claim 1, wherein the local security policy is obtained by the management component from the management service.
8.	(Currently Amended) A method comprising:
	enrolling, by a management component, a client device with a management service, wherein the management component is installed on the client device;
	in response to enrolling the client device with the management service, determining, by the management component, that a local security policy stored by the management component on the client device indicates that a password hint is required to be defined by a user for a local password corresponding to the client device;
	extracting, by the management component, a Windows Relative Identifier (RID) from a Windows Security Identifier (SID) associated with a local user identity of the client device;
	determining, by the management component, that a registry entry in a system registry of the client device fails to comprise the password hint, the registry entry being based upon the RID;
	prompting, by the management component, a user to define the password hint associated with the local password corresponding to the client device; and
	storing, by the management component, the password hint in the registry entry.
9.	(Currently Amended) The method of claim 8, further comprising identifying, by the management component, the registry entry on the client device associated with the password hint by determining a user identifier corresponding to [[a]] the local user identity of the client device.

10-11.	(Cancelled) 

12. 	(Original) The method of claim 8, wherein the management component is further configured to cause the client device to obtain the SID using a Windows application programming interface (API) call to retrieve the SID associated with a currently logged-in user.

13.	(Original) The method of claim 8, wherein the management component is executed as a system process to access the registry entry.

14.	(Previously Presented) The method of claim 8, wherein the local security policy is obtained by the management component from the management service.

15.	(Currently Amended) A system comprising:
a client device; and
a management component executable by the client device, wherein the 
enroll a client device, through a management component installed on the client device, with a management service;
	in response to enrollment of the client device with the management service, determine that a local security policy stored by the management component on the client device indicates that a password hint is required to be defined by a user for a local password corresponding to the client device;	
	extract a Windows Relative Identifier (RID) from a Windows Security Identifier (SID) associated with a local user identity of the client device;
	determine that a registry entry in a system registry of the client device fails to comprise the password hint, the registry entry being based upon the RID;
	prompt a user to define the password hint associated with the local password corresponding to the client device; and
store the password hint in the registry entry.

16.	(Currently Amended) The system of claim 15, wherein the management component is further configured to cause the client device to at least identify the registry entry on the client device associated with the password hint by determining a user identifier corresponding to [[a]] the local user identity of the client device.

17-18.	(Cancelled) 

19.	(Original) The system of claim 15, wherein the management component is further configured to cause the client device to obtain the SID using a Windows application programming interface (API) call to retrieve the SID associated with a currently logged-in user.
20.	(Previously Presented) The system of claim 15, wherein the local security policy is obtained by the management component from the management service.

21.	(New) The non-transitory computer-readable medium of claim 1, wherein the management component is further configured to cause the client device to:
	lock the client device in response to determining that the registry entry fails to comprise the password hint; and
	unlock the client device in response to the user defining the password hint.

22.	(New) The non-transitory computer-readable medium of claim 1, wherein the management component is further configured to cause the client device to store the password hint in the registry entry using a Windows application programming interface (API) to save the password hint to the registry entry.

23.	(New) The method of claim 8, further comprising:
	locking, by the management component, the client device in response to determining that the registry entry fails to comprise the password hint; and
	unlocking, by the management component, the client device in response to the user defining the password hint.

24.	(New) The method of claim 8, wherein the management component is further configured to cause the client device to store the password hint in the registry entry using a Windows application programming interface (API) to save the password hint to the registry entry.

25.	(New) The system of claim 15, wherein the management component is further configured to cause the client device to:
	lock the client device in response to determining that the registry entry fails to comprise the password hint; and
	unlock the client device in response to the user defining the password hint.

26.	(New) The system of claim 15, wherein the management component is further configured to cause the client device to store the password hint in the registry entry using a Windows application programming interface (API) to save the password hint to the registry entry.

Examiner’s Statement of Reasons for Allowance
Claims 1-2, 5-9, 12-16, 19-26 are allowed. 
The following is an examiner’s statement of reasons for allowance. 
The invention is directed to systems and methods for a password hint policy on a client device. A client device can have a local security policy enforced by the management component that specifies password or passcode requirements. These requirements can govern the user's local password. The user's network password can be governed by policies that are specified or enforced through a directory service associated with an enterprise environment. One example of a local security policy that is related to the user's local password can be a requirement that the user specify a password hint that is associated with the user's local password. An administrator might wish to impose the requirement to define a password hint for the user's local password because the administrator often has limited or no ability to reset the user's local password.
Accordingly, if a user forgets his or her local password, the administrator is often unable to render assistance to the user, which is in contrast to the administrator's ability to reset or redefine the user's network password for the user's identity in the directory service. In one scenario, in order to access enterprise resources that are associated with a user's organization, such as the user's employer, university or any other entity employing a directory service, from a particular client device, the organization can require that the user enroll the client device with a management service. Enrollment of the client device with the management service can also require installation of a management component on the client device, which can receive and enforce policies and profiles from the management service. The administrator can specify a particular policy that requires the user to define a password hint that is associated with the user's local password, which can be enforced through the management component as will be described herein.
The closest prior art references, Selander et al. (“Selander,” US 20140289870), Donohue (“Donohue,” US 20150281216), Satagopan et al. (“Satagopan,” US 6457053) and Hoffmann et al. (“Hoffmann,” US 7668881), are also generally directed to various aspects of API based update of network security policies.
However, none of Selander, Donohue, Satagopan and Hoffmann, alone or in combination, teaches the particular combination of steps or elements as recited in the independent claim 1. For example, these references fail to teach all limitations recited in claim 1 as a whole, especially “A non-transitory computer-readable medium embodying a management component executed by a client device, wherein the management component is configured to cause the client device to at least: enroll the client device, through the management component installed on the client device, with a management service; in response to enrollment of the client device with the management service, determine that a local security policy stored by the management component on the client device indicates that a password hint is required to be defined by a user for a local password corresponding to the client device; extract a Windows Relative Identifier (RID) from a Windows Security Identifier (SID) associated with a local user identity of the client device; determine that a registry entry in a system registry of the client device fails to comprise the password hint, the registry entry being based upon the RID; prompt a user to define the password hint associated with the local password corresponding to the client device; and store the password hint in the registry entry on the client device.”
These features, in light of other features described in the independent claim 1, are allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD LONG whose telephone number is (571)272-8961.  The examiner can normally be reached on Monday to Friday, 9 AM - 6 PM EST (Alternate Fridays).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


/EDWARD LONG/
Examiner, Art Unit 2439


/LUU T PHAM/
Supervisory Patent Examiner, Art Unit 2439