Re: More developments "You do not have permission to change your password"
From: Jesper M. Johansson [MSFT] (jesperjo_at_online.microsoft.com)
Date: 05/20/03
- Next message: Tracy: "Re: read only"
- Previous message: Jesper M. Johansson [MSFT]: "Re: Local Administrators"
- In reply to: Michael A. Covington: "More developments "You do not have permission to change your password""
- Next in thread: Michael A. Covington: "Re: More developments "You do not have permission to change your password""
- Reply: Michael A. Covington: "Re: More developments "You do not have permission to change your password""
- Reply: Michael A. Covington: "Re: More developments "You do not have permission to change your password""
- Reply: Sven Aelterman: "Re: More developments "You do not have permission to change your password""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 19 May 2003 22:23:52 -0700
Do you have any kind of "security guide" applied to the Windows 2000 DC? I
presume the RestrictAnonymous setting you mention below is on the DC? That's
the one that matters here.
-- This posting is provided "AS IS" with no warranties, and confers no rights. Please do not send email directly to this alias. This alias is for newsgroup purposes only. "Michael A. Covington" <Michael@CovingtonInnovations.com> wrote in message news:efsHRRnHDHA.2176@TK2MSFTNGP10.phx.gbl... > I can now report that putting the server in native mode has absolutely no > effect on this! > > "Michael A. Covington" <mc@deletethisword.uga.edu> wrote in message > news:%23dyqfNYFDHA.3056@tk2msftngp13.phx.gbl... > > Another thing I'm going to pursue is that the domain controller is > presently > > in "mixed" (NT compatible) rather than "native" mode. I'm going to change > > it over in a few days (after our students are finished with exams). > > > > > > "Michael A. Covington" <mc@deletethisword.uga.edu> wrote in message > > news:%23yWyzJMFDHA.1924@TK2MSFTNGP11.phx.gbl... > > > > What do you have set for "Additional restrictions for anonymous > > > > connections"? If you relax this (RestrictAnonymous) setting does the > > > > behavior change? > > > > > > It's set to "None" or "Undefined" in all the group policies. In the > > > Registry, RestrictAnonymous = 0. > > > > > > > > > > > > > > > > > Matt Scarborough 2003-05-06 > > > > > > > > On Sat, 3 May 2003 18:22:35 -0400, Michael A. Covington wrote > > > > <#$KjAKcEDHA.1548@TK2MSFTNGP12.phx.gbl> > > > > > Reposting to bring in more newsgroups, in the hope that someone will > > > know! > > > > > "Michael A. Covington" <Michael@CovingtonInnovations.com> wrote in > > > > message news:ekrO%23r2DDHA.2288@TK2MSFTNGP12.phx.gbl... > > > > > We have a Windows 2000 roaming user profiles network and we are > > > starting > > > > to add some Windows XP client machines. For the most part, everything > > is > > > > going very smoothly. > > > > > > > > > > However, we do have one problem. > > > > > > > > > > When we set up new accounts, they have a default password and are > > > > required to change their password immediately. > > > > > > > > > > And if the owner of a new account happens to log in on a XP client > > > > rather than a Windows 2000 client, he can't do that. He is prompted > for > > > the > > > > original password; gives it; is told "You must change your password" > or > > > > words to that effect; is prompted for a new password; and is told, > "You > > do > > > > not have permission to change your password." Frustration! > > > > > > > > > > This is only because he's trying to change his password before his > > > first > > > > complete login. If I let him log in (by resetting his password for > > him), > > > > then he can change his password just fine. > > > > > > > > > > Clearly, it's a permission issue. But it's *not* the permissions > > > issues > > > > described in: > > > > > > > > > > http://www.mike-tech.com/article.php?gif=win2k&article=165 > > > > > > > > > > http://www.jsiinc.com/SUBE/tip2300/rh2367.htm > > > > > > > > > > We have *not* added any restrictions to remote access. Thus, as > far > > > as > > > > I can tell, this is *not* the problem described in > > > > > > > > > > > > > > > > > > > > http://www.der-keiler.de/Newsgroups/microsoft.public.win2000.security/2002-06/2382.html > > > > > > > > > > either. > > > > > > > > > > What else could it be? How can I definitively check that the > right > > > > permissions exist, and correct them if they need correcting? > > > > > > > > > > Note that new-account-holders using Windows 2000 client machines > are > > > > unaffected. > > > > > > > > > > > > > > > Thanks! > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: Tracy: "Re: read only"
- Previous message: Jesper M. Johansson [MSFT]: "Re: Local Administrators"
- In reply to: Michael A. Covington: "More developments "You do not have permission to change your password""
- Next in thread: Michael A. Covington: "Re: More developments "You do not have permission to change your password""
- Reply: Michael A. Covington: "Re: More developments "You do not have permission to change your password""
- Reply: Michael A. Covington: "Re: More developments "You do not have permission to change your password""
- Reply: Sven Aelterman: "Re: More developments "You do not have permission to change your password""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
