Re: More developments "You do not have permission to change your password"
From: Sven Aelterman (informatica_at_freemail.nl)
Date: 05/27/03
- Next message: Pee2: "Can I secure computer while leaving internet connection on?"
- Previous message: Corey: "How Do I get multiple VPN's"
- In reply to: Jesper M. Johansson [MSFT]: "Re: More developments "You do not have permission to change your password""
- Next in thread: Matt Scarborough: "Re: More developments "You do not have permission to change your password""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 May 2003 18:32:11 +0200
I am struggling with the same problem.
I have clearly set the permissions for unauthenticated users to 2 (No access
rights). Is that the cause?
If it is, too bad. But how come Windows 2000 and Windows XP behave
differently in this area?
-- Sven Aelterman IT e-globalcom.net "Jesper M. Johansson [MSFT]" <jesperjo@online.microsoft.com> wrote in message news:epI9q$oHDHA.3604@tk2msftngp13.phx.gbl... > Do you have any kind of "security guide" applied to the Windows 2000 DC? I > presume the RestrictAnonymous setting you mention below is on the DC? That's > the one that matters here. > > -- > This posting is provided "AS IS" with no warranties, and confers no rights. > Please do not send email directly to this alias. This alias is for newsgroup > purposes only. > > > "Michael A. Covington" <Michael@CovingtonInnovations.com> wrote in message > news:efsHRRnHDHA.2176@TK2MSFTNGP10.phx.gbl... > > I can now report that putting the server in native mode has absolutely no > > effect on this! > > > > "Michael A. Covington" <mc@deletethisword.uga.edu> wrote in message > > news:%23dyqfNYFDHA.3056@tk2msftngp13.phx.gbl... > > > Another thing I'm going to pursue is that the domain controller is > > presently > > > in "mixed" (NT compatible) rather than "native" mode. I'm going to > change > > > it over in a few days (after our students are finished with exams). > > > > > > > > > "Michael A. Covington" <mc@deletethisword.uga.edu> wrote in message > > > news:%23yWyzJMFDHA.1924@TK2MSFTNGP11.phx.gbl... > > > > > What do you have set for "Additional restrictions for anonymous > > > > > connections"? If you relax this (RestrictAnonymous) setting does > the > > > > > behavior change? > > > > > > > > It's set to "None" or "Undefined" in all the group policies. In the > > > > Registry, RestrictAnonymous = 0. > > > > > > > > > > > > > > > > > > > > > > Matt Scarborough 2003-05-06 > > > > > > > > > > On Sat, 3 May 2003 18:22:35 -0400, Michael A. Covington wrote > > > > > <#$KjAKcEDHA.1548@TK2MSFTNGP12.phx.gbl> > > > > > > Reposting to bring in more newsgroups, in the hope that someone > will > > > > know! > > > > > > "Michael A. Covington" <Michael@CovingtonInnovations.com> wrote > in > > > > > message news:ekrO%23r2DDHA.2288@TK2MSFTNGP12.phx.gbl... > > > > > > We have a Windows 2000 roaming user profiles network and we are > > > > starting > > > > > to add some Windows XP client machines. For the most part, > everything > > > is > > > > > going very smoothly. > > > > > > > > > > > > However, we do have one problem. > > > > > > > > > > > > When we set up new accounts, they have a default password and > are > > > > > required to change their password immediately. > > > > > > > > > > > > And if the owner of a new account happens to log in on a XP > client > > > > > rather than a Windows 2000 client, he can't do that. He is prompted > > for > > > > the > > > > > original password; gives it; is told "You must change your password" > > or > > > > > words to that effect; is prompted for a new password; and is told, > > "You > > > do > > > > > not have permission to change your password." Frustration! > > > > > > > > > > > > This is only because he's trying to change his password before > his > > > > first > > > > > complete login. If I let him log in (by resetting his password for > > > him), > > > > > then he can change his password just fine. > > > > > > > > > > > > Clearly, it's a permission issue. But it's *not* the > permissions > > > > issues > > > > > described in: > > > > > > > > > > > > http://www.mike-tech.com/article.php?gif=win2k&article=165 > > > > > > > > > > > > http://www.jsiinc.com/SUBE/tip2300/rh2367.htm > > > > > > > > > > > > We have *not* added any restrictions to remote access. Thus, as > > far > > > > as > > > > > I can tell, this is *not* the problem described in > > > > > > > > > > > > > > > > > > > > > > > > > > > http://www.der-keiler.de/Newsgroups/microsoft.public.win2000.security/2002-06/2382.html > > > > > > > > > > > > either. > > > > > > > > > > > > What else could it be? How can I definitively check that the > > right > > > > > permissions exist, and correct them if they need correcting? > > > > > > > > > > > > Note that new-account-holders using Windows 2000 client machines > > are > > > > > unaffected. > > > > > > > > > > > > > > > > > > Thanks! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: Pee2: "Can I secure computer while leaving internet connection on?"
- Previous message: Corey: "How Do I get multiple VPN's"
- In reply to: Jesper M. Johansson [MSFT]: "Re: More developments "You do not have permission to change your password""
- Next in thread: Matt Scarborough: "Re: More developments "You do not have permission to change your password""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
