Re: Unauthorized to change password

From: Steven L Umbach (n9rou_at_attbi.com)
Date: 05/30/03 

Date: Fri, 30 May 2003 18:43:28 GMT

        Check user account properties to make sure that "user can not change
password" is not selected If password never expires is selected, then
account policy password age does not apply. Password policy for domain
accounts can only be configured at domain policy level. I have heard of
users also having a problem changing their passwords on XP machines if
security option for domain controllers "additional restrictions for
anonymous connections" is set to no access without explicit anonymous
permissions. See links for a few more issues that may or may not pertain to
your problem, but FYI. --- Steve

http://asia.cnet.com/itmanager/netadmin/0,39006400,39108281,00.htm -- SMB
signing incompatability.
http://support.microsoft.com/?kbid=244474 --- Force Kerberos to use TCP.

"Terry Bailey" <TerryB@grandriverSupply.com> wrote in message
news:OnBKHUsJDHA.1752@TK2MSFTNGP12.phx.gbl...
> Hi all,
>
> I've been out of the network adminstrator position for a while. I now
find
> myself as admin for a small network with XP pro workstations and Win2k DC.
> I ran baseline and and IIS lockdown, all sorts of security updates, and
> somewhere I did something that not only requires everyone to change thier
> passwords, but tells them they are unauthorized to change thier password
> when they try.
>
> I've check the user profiles and the do not have password expiration
> enabled. (I know, bad move)
> I can find nothing in the account policies of the domain security policies
> or domain controller security policies tjat would cause this. Any ideas
> would be helpful. 7 days to lockout and counting.
>
> Also, is there a way to prevent a person or account from being used on two
> computers in the domain at the same time?
>
> Thanks a bunch
>
> TB
> IT Admin
>
>
>
>

Relevant Pages

  • Re: GPO causing client security logs to fill?
    ... a virus in play. ... settings to be applied on your client workstations. ... Group Policy is a complex and often misunderstood beast. ... I modified the account ...
    (microsoft.public.windows.server.sbs)
  • Re: The local policy of this system does not permit you to logon i
    ... Security policies were propagated with warning. ... Error 0x534 occurs when a user account in one or more Group Policy objects ... I have checked the security policies & the administrator profile is not ...
    (microsoft.public.windows.server.sbs)
  • Re: GPO causing client security logs to fill?
    ... Unlink the Default Domain Controller Policy (As it was not previously ... settings to be applied on your client workstations. ... I modified the account ... So basically, the Account lockout threshold, account lockout ...
    (microsoft.public.windows.server.sbs)
  • Re: GPO causing client security logs to fill?
    ... Possibly delete the Default Domoan Controller Policy (As it did not ... issues as it was about recoverying from a virus which appears to ... with client logon failures. ... I modified the account ...
    (microsoft.public.windows.server.sbs)
  • Re: Password expires for no apparent reason
    ... policy that has set the values to what you see below meaning that users ... So I would define the password age and configure a value in there. ... As Harj said Account lockouts could potentially be a problem as perhaps ... Password expires for no apparent reason ...
    (microsoft.public.windows.server.active_directory)