Re: User get access denied error when prompted to change password adte Reset
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/07/04
- Next message: Steven L Umbach: "Re: Security for data files"
- Previous message: Steven L Umbach: "Re: windows 2000 blue screen after login"
- In reply to: Mike Robertson: "User get access denied error when prompted to change password adte Reset"
- Next in thread: Mike Robertson: "Re: User get access denied error when prompted to change password adte Reset"
- Reply: Mike Robertson: "Re: User get access denied error when prompted to change password adte Reset"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 07 Oct 2004 20:32:54 GMT
Check their user account properties to make sure they are not restricted
from changing passwords. If you enable auditing of account management in the
Domain Controller Security Policy, you may find useful info in the security
log for failed events for account management. If these are XP Pro computers
having this problem, make sure that the domain controllers do NOT have the
security option set for "additional restrictions for anonymous access" set
to no access without explicit anonymous permissions as there effective
setting. You can look under Local Security Policy/security settings/local
policies/security options to view the setting and also check the registry
setting. See the KB link below for that.
http://support.microsoft.com/?kbid=246261
Depending on your domain makeup make sure that the pdc fsmo domain
controller is operational and look in the Event Viewer of it for any
problems. It is also possible that the everyone group does not have proper
permissions to Active Directory user objects. See the link below on how to
check that. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;EN-US;258788
Try to think if their has been a configuration change around the time this
started happening such as importing a security template or modifying
security policy on domain controllers or domain computers as that may be
related. --- Steve
"Mike Robertson" <mikerobertson01@hotmail.com> wrote in message
news:1ede01c4ac69$3c490b20$a601280a@phx.gbl...
> When a User request a password reset the user receives
> a "You do not have access to change your password" error.
> I've pruned through all my access, security and Group
> policies and cannot pinpoint what's overiding the "User
> must change password at next logon" policy.
> I am using a temporary workaround but it time consuming.
> When the user send a password reset request I change the
> password and get the user on the phone. I tell them what
> the password is reset to and then have them log in then
> do a Ctl+Alt+Del and click the change password button and
> choose a new password. This as I say though is very time
> consuming. Can you help me resolve this problem
- Next message: Steven L Umbach: "Re: Security for data files"
- Previous message: Steven L Umbach: "Re: windows 2000 blue screen after login"
- In reply to: Mike Robertson: "User get access denied error when prompted to change password adte Reset"
- Next in thread: Mike Robertson: "Re: User get access denied error when prompted to change password adte Reset"
- Reply: Mike Robertson: "Re: User get access denied error when prompted to change password adte Reset"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
