RE: Passwords

From: Paul [MSFT] (pauly_at_online.microsoft.com)
Date: 12/03/03

• Next message: Steven L Umbach: "Re: Certificate request via e-mail"
• Previous message: Steven L Umbach: "Re: Auto logoff user workstation after idle time"
• In reply to: Brent: "Passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 03 Dec 2003 01:11:17 GMT

Hi Brent,

If you create a new user account and you click to select the "User must
change password at next logon" check box, the user may receive the
following error message when he/she tries to change the password during the
logon process:

   You do not have permission to change your password.

This error message occurs if the Everyone group or Authenticated Users
group does not have the correct permissions to gain access to the domain
controllers from the network.

To resolve this issue:

1. Start the Active Directory Users and Computers tool, right-click the
   Domain Controllers container, and then click Properties.

2. Click the Group Policies tab, click the Default Domain Controllers
   policy, and then click Edit.

3. Expand the following items in the policy:

        Computer Configuration
        Windows Settings
        Security Settings
        Local Policies
        User Rights Assignment

4. Double-click "Access this computer from the network", click Add,
   click Browse, and then add Everyone and Authenticated Users.

5. Click OK in each dialog box or window to quit the policy editor.
   Close the domain controller properties, and then quit Active Directory
   Users and Computers.

6. At a command prompt, type "secedit /refreshpolicy machine_policy
   /enforce" (without the quotation marks), and then press ENTER.

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

Top 10 Windows XP Security Questions Answered:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
pauly@online.microsoft.com

---

• Next message: Steven L Umbach: "Re: Certificate request via e-mail"
• Previous message: Steven L Umbach: "Re: Auto logoff user workstation after idle time"
• In reply to: Brent: "Passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: domain users force only local server access ... You can restrict computers using ipsec policies. ... complex topic and domain controllers need to be exempt from any policy to ... (microsoft.public.win2000.security) Re: Blocking port scans on local network ... > additional restrictions for anonymous connections in this security guide. ... > do not recommend applying ipsec policy wide scale without some testing of ... > between domain computers and domain controllers as the domain controllers ... (microsoft.public.win2000.security) Re: Control User Access in SBS2000 Domain ... Security Policy on those computers and check the user right for logon ... > new XP Professional computers which have been added to the domain ... (microsoft.public.win2000.security) Re: better way to limit users/group to logon to specific workstati ... You can still do it in policy, ... logon locally setting, and apply it to all computers except the ones you ... Workstations" attribute - applying to the user accounts ... (microsoft.public.windows.group_policy) Re: 10 winxp computer locked by Software Restrictions ... security policy but sounds like a problem with Software Restriction ... I don't know offhand why it is affecting only some computers unless there ... replication between domain controllers. ... know how well netdiag will work in safe mode but make sure the problem ... (microsoft.public.windows.group_policy)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.win2000.security  > 2003-12