Re: User get access denied error when prompted to change password adte Reset
From: Mike Robertson (mikerobertson01_at_hotmail.com)
Date: 10/08/04
- Next message: Skorpion: "Re: usb pen drives - sometimes install sometimes not"
- Previous message: Jonathan: "Re: Running PWDump3 on a live system"
- In reply to: Steven L Umbach: "Re: User get access denied error when prompted to change password adte Reset"
- Next in thread: Steven L Umbach: "Re: User get access denied error when prompted to change password adte Reset"
- Reply: Steven L Umbach: "Re: User get access denied error when prompted to change password adte Reset"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 8 Oct 2004 05:48:53 -0700
Thanks Steve, You had it bang on. In a recent audit
finding it was recommended that all anonymous access
privileges should be tightened. Unfortunately "Additional
restrictions for anonymous access" was changed to "no
access without explicit anonymous permission". Once I
changed that and force a policy refresh the problem was
fixed.
Thanks so much for your kind and expeditious assistance.
>-----Original Message-----
>Check their user account properties to make sure they
are not restricted
>from changing passwords. If you enable auditing of
account management in the
>Domain Controller Security Policy, you may find useful
info in the security
>log for failed events for account management. If these
are XP Pro computers
>having this problem, make sure that the domain
controllers do NOT have the
>security option set for "additional restrictions for
anonymous access" set
>to no access without explicit anonymous permissions as
there effective
>setting. You can look under Local Security
Policy/security settings/local
>policies/security options to view the setting and also
check the registry
>setting. See the KB link below for that.
>
>http://support.microsoft.com/?kbid=246261
>
>Depending on your domain makeup make sure that the pdc
fsmo domain
>controller is operational and look in the Event Viewer
of it for any
>problems. It is also possible that the everyone group
does not have proper
>permissions to Active Directory user objects. See the
link below on how to
>check that. --- Steve
>
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;258788
>
>Try to think if their has been a configuration change
around the time this
>started happening such as importing a security template
or modifying
>security policy on domain controllers or domain
computers as that may be
>related. --- Steve
>
>
>
>"Mike Robertson" <mikerobertson01@hotmail.com> wrote in
message
>news:1ede01c4ac69$3c490b20$a601280a@phx.gbl...
>> When a User request a password reset the user receives
>> a "You do not have access to change your password"
error.
>> I've pruned through all my access, security and Group
>> policies and cannot pinpoint what's overiding the "User
>> must change password at next logon" policy.
>> I am using a temporary workaround but it time
consuming.
>> When the user send a password reset request I change
the
>> password and get the user on the phone. I tell them
what
>> the password is reset to and then have them log in then
>> do a Ctl+Alt+Del and click the change password button
and
>> choose a new password. This as I say though is very
time
>> consuming. Can you help me resolve this problem
>
>
>.
>
- Next message: Skorpion: "Re: usb pen drives - sometimes install sometimes not"
- Previous message: Jonathan: "Re: Running PWDump3 on a live system"
- In reply to: Steven L Umbach: "Re: User get access denied error when prompted to change password adte Reset"
- Next in thread: Steven L Umbach: "Re: User get access denied error when prompted to change password adte Reset"
- Reply: Steven L Umbach: "Re: User get access denied error when prompted to change password adte Reset"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
