RE: Please Help
From: pauly [MSFT] (pauly_at_online.microsoft.com)
Date: 02/01/04
- Next message: Aaron: "Re: Is there any way past windows XP Logon"
- Previous message: Colin Nash - [MVP]: "Re: Is there any way past windows XP Logon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 31 Jan 2004 23:50:16 GMT
Hi Ray,
In addition to the cause you've already looked at, another possible cause
is if the Everyone group or Authenticated Users group does not have the
correct permissions to simply gain access to the domain controllers from
the network.
To see if this might be the cause and possibly resolve this issue:
1. Start the Active Directory Users and Computers tool, right-click the
Domain Controllers container, and then click Properties.
2. Click the Group Policies tab, click the Default Domain Controllers
policy, and then click Edit.
3. Expand the following items in the policy:
Computer Configuration
Windows Settings
Security Settings
Local Policies
User Rights Assignment
4. Double-click "Access this computer from the network", click Add, click
Browse, and then add Everyone and Authenticated Users.
5. Click OK in each dialog box or window to quit the policy editor. Close
the domain controller properties, and then quit Active Directory Users and
Computers.
6. At a command prompt, type "secedit /refreshpolicy machine_policy
/enforce" (without the quotation marks), and then press ENTER.
=========
This posting is provided "AS IS" with no warranties, and confers no rights.
Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp
Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp
Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp
=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
pauly@online.microsoft.com
--------------------
| From: "Ray" <anonymous@discussions.microsoft.com>
| Subject: Please Help
| Date: Fri, 30 Jan 2004 06:53:14 -0800
|
| Ok this is killing me, Please help. I am running AD on a
| windows 2000 server with service pack 4. If a user at
| logon gets the message that their password is about to
| expire and the "Password Change Notification" message
| appears 10 days. then attempts to change their password
| after receiving the "Password Change Notification"
| message may receive the following error message: You do
| not have permission to change your password.
| According to Microsoft Knowledge Base Article - 258788
| the behavior occurs if the Everyone group has not been
| granted the Change Password right on the user object. I
| checked and the everyone group does have permission to
| change password. This only occurs on XP workstations and
| not on the W2K workstations. I have not been able to
| find any other information to help with this issue other
| then Q258788.
|
| How do I correct this so users can change their password
| at logon?
|
| Thanks
|
|
- Next message: Aaron: "Re: Is there any way past windows XP Logon"
- Previous message: Colin Nash - [MVP]: "Re: Is there any way past windows XP Logon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
