Changing passwords

D

Dick Burch

We have several XP Professionl machines running on a NT
network. Their passwords are schduled to expire and they
are getting a message that the password will expire in X
number of days. When they try to change the password,
they get a message that says they are not authorized to
change the password.
The local machine and user has administrator rights and
the server is set to allow the user to change their
passwords. I have about 50 users using 98 to NT and they
work fine. The XP users are all having this same
problem.
Thanks.
 
S

Shain Wray [MSFT]

Hello Dick,

This problem can occur if the following conditions are true:

- Your computer is part of a Microsoft Windows 2000 domain. -and-
- The "User must change password at first logon" option is enabled for
your user account. -and-
- The RestrictAnonymous value in the
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa registry key of
the Windows 2000 domain controller is set to 2

There is a hotfix for this, if you would like to test the hotfix please
call into Microsoft and ask for the hotfix related to 328817. You will not
be charged for the hotfix request.

To work around this problem, set the

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
registry entry on the Windows 2000 domain controller to use a
value of either 0 (zero) or 1. To do so:

WARNING: If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system.
Microsoft
cannot guarantee that you can solve problems that result from using
Registry
Editor incorrectly. Use Registry Editor at your own risk.

1. Click" Start", and then click "Run".
2. In the "Open" box, type "regedit" (without the quotation marks), and
then click "OK".
3. Locate and click the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
4. In the right pane, double-click "RestrictAnonymous".
5. In the "Value data" box, type "0" (without the quotation marks) or
"1" (without the quotation marks), and then click "OK".
6. Quit Registry Editor.


Best regards,
--
Shain Wray
Microsoft PSS Security Team

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Change Passwords 1
Windows XP password expiration warning does not appear reliably 5
Expiration notification 4
password change prompt 3
All users passwords in the domain expired without Notice 3
Cannot Remove User Logon Passwords 3
Warning - Extortion Scam 2
WINDOWS NT PASSWORD EXPIRATION 4

Top