Re: Password Permission Issue

From: Steven L Umbach (n9rou_at_comcast.net)
Date: 07/25/03 

Date: Fri, 25 Jul 2003 04:12:39 GMT

       The "restrict anonymous" setting would not apply since you are not in a domain
and these are only local machine accounts. Check the user accounts to make sure that
"user can not change password" is not selected. Removing the everyone group from the
drive root folder is generally a good idea, however you should not change any ntfs
permissions on the systemroot - \winnt folder and subfolders. In general those
folders are already locked down fairly well. If you removed everyone permissions from
those folders, that could very well be causing your problem. There are ways to
restore those permissions. See the following link. It would be worth trying it on at
least one of your computers. --- Steve

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q266118&

"Michael" <somone@somewhere.com> wrote in message
news:uG5PruiUDHA.2568@tk2msftngp13.phx.gbl...
> Hello All,
>
> I've checked the Microsoft KnowledgeBase and looked through the FAQ and
> rest of the posts here, but have found only remotely similar problem posts.
>
> We have a small network (15 PCs) of Win2K Pro systems running in Workgroup
> mode. Some are running SP 3 and others SP 4. I stopped loading SP 4 after
> I noticed this problem, though it is happening even to the systems with SP
> 3.
>
> When a user is required to change their password at the next logon, they
> can't do it. The system tells them "You do not have permission to change
> your password." The password attempts definitely meet the complexity
> requirements in our system security policy.
>
> The only similar problem(s) I could find in the KB inolved domain
> configurations. Also, one suggestion which I felt it could not hurt to try
> that was posted was concerning the registry value of
> RestrictAnonymousAccess. I ensured this was set to 0.
>
> In terms of a little background, I implemented a number of recommended
> security configuration recommendations. One of them happened to be removing
> Everyone from the DACLs. Could this be part of the problem?
>
> Any help is greatly appreciated.
>
>
> Michael
>
>

Relevant Pages

  • Re: exchange message tracking logs question
    ... has read permissions for all users. ... Is it necessary for all users to have read access to this folder? ... would there be any problem in my removing read access to all users? ... worry about this, ...
    (microsoft.public.exchange2000.admin)
  • "Access Denied" When creating a certificate request (CSR)
    ... It was a permissions issue in the folder ... After removing this folder, ... >certificate request, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Cant close mailbox folder
    ... Someone suggested going into Control Panel and removing it. ... the folder isn't listed in the "Open additional ... The mailbox shows up in his folder list but can't access ... > anything because he has no permissions. ...
    (microsoft.public.outlook.general)
  • Re: Minimum NTFS Permissions - Theres such a thing???
    ... ?2001 Microsoft Corporation. ... HOW TO: Set Minimum NTFS Permissions Required for IIS 5.0 to Work WGID:198 ... " List Folder Contents" ...
    (microsoft.public.inetserver.iis.security)
  • Re: Unable to delete orphaned 1.5 GB System Restore folder
    ... The fact that the tech support is based in India has nothing to do with the ... If so you may want to leave this folder alone. ... down to all children folders because i can set those permissions to ... try deleting from the command line using system by using the AT ...
    (microsoft.public.windowsxp.security_admin)