Re: User must login to change password

From: Rick McElroy (rmcelroy@mbe.com)
Date: 06/28/02 

From: "Rick McElroy" <rmcelroy@mbe.com>
Date: Fri, 28 Jun 2002 07:38:53 -0700

I tried that before and it does not work. I am trying to
roll users over to AD and I can't make them change their
passwords on first login because of this.

>-----Original Message-----
>I dont know if this is the BEST way to do this...
>
>but go to 'Active Directory Users and Computers' and in
the View menu,
>select 'Advanced Features'
>
>Now open the properties for the user object you want to
restrict, and click
>on the 'Security' tab.
>
>In the ACL, remove the 'Allow Change Password' permission
from Everyone, and
>be sure to add the user back in, allowing him/her to
change their password,
>if you want them to. If you need them to be able to
change their password
>before logging on (e.g., when the 'user must change' box
is checked), then
>be sure Everyone CAN Change Password on the object.
>
>You can probably incorporate this in a GPO as well.
>
>Keith C. Jakobs, MCP
>elohir@hotmail.com
>
>
>"Rick McElroy" <rmcelroy@mbe.com> wrote in message
>news:10fe901c21e06$77c80730$37ef2ecf@TKMSFTNGXA13...
>> The option of user must logon to change passwords has
been
>> removed in windows 2000 where or how can you toggle this
>> on or off? My users are restricted from changing
passwords
>> upon inital login when the user must change password box
>> is checked.
>
>
>.
>