Domain user can't change password

Hank Arnold · Jul 30, 2005

Not sure if this is a DC GPO or local GPO question.

We are setting up our new XP workstations so that they are added to our W2K
AD domain. They then do a domain logon. Everything works fine except for one
thing.

When they are prompted that their domain password will expire in xx days (or
has expired), they enter the new password, confirm it and then click on
"OK". They get back the response that "You are not authorized to change the
password" (or words to that effect). An admin has to log on and change it
for them in AD.

Needless to say, this is a royal PITA..... Is there a GPO setting that we
can set? Hopefully, it's a domain GPO setting, but a local GPO is
"OK"............

TIA.

Denis Wong @ Hong Kong · Aug 3, 2005

Hi Hank,

This shouldn't be a GPO issue.

Check the domain account (account properties) and see if the account is
prohibited from changing password.

br,
Denis

Hank Arnold · Aug 3, 2005

The domain account is fine, I think. If the user logs on to the Citrix/TS
server, they get the password change prompt and it works just fine. The
problem is when they do a domain logon on the local machine. They get a
prompt and enter the changed password. When they press "Enter" is when they
have a problem. This is what makes me think it's a problem on the local
machine, not the domain....

Denis Wong @ Hong Kong · Aug 4, 2005

Hi Hank,

Try to check out these KB.

"You do not have permission to change your password" error message when you
try to change your password in Windows XP
http://support.microsoft.com/?kbid=328817
Cannot Change Password in Windows Without Logging on to Domain
http://support.microsoft.com/?kbid=258788

br,
Denis

Guest · Aug 31, 2005

Denis Wong @ Hong Kong said:
Hi Hank,

Try to check out these KB.

"You do not have permission to change your password" error message when you
try to change your password in Windows XP
http://support.microsoft.com/?kbid=328817
Cannot Change Password in Windows Without Logging on to Domain
http://support.microsoft.com/?kbid=258788

br,
Denis

Guest · Aug 31, 2005

I am having teh same problem too, I have enabled teh permission suggested in
the kb article but teh users still can't change theier passwords when
prompted with expiry notification. Could it be a registry setting on teh
domain controller?

GPO setting to allow domain password changes on a local computer?	2	Jul 20, 2005
GPO Password Policy is applied but not working	4	Sep 14, 2006
Problem with Password Policy	3	Aug 10, 2006
GPMC 2000 Domain	3	Jul 31, 2008
Server and Domain Isolation Using IPsection	6	Jan 30, 2006
GPOs for Local Password Policies	2	Nov 3, 2004
Password policy not enforced	1	Apr 9, 2008
GPO or egistry change to allow changing domain PW on local machine?	1	Jul 20, 2005

Domain user can't change password

Hank Arnold

Denis Wong @ Hong Kong

Hank Arnold

Denis Wong @ Hong Kong

Guest

Guest

Ask a Question

Similar Threads