Password Changing

N

Nick Whitworth

Hello,

We have setup some new pc's and users and added them to a
Windows 2000 domain. The user accounts have been created
in AD with a standard password and added to the power
users group on the local machine. When logging on to the
domain with one of these new user accounts the new users
get the following error when trying to then change their
password using Ctrl + Alt + Del, "You are not authorized
to change the password at this time."

We would like to resolve this issue so users can change
their passwords rather than have someone have to change
individual users' passwords in AD users & computers.

There are no DNS issues with the PCs, they can resolve
names and resource records fine.

Hope someone can help.

TIA,
Nick
 
S

S.J.Haribabu

Hi,

I did research and found the following article.

This behavior occurs if the Everyone group has not been granted the Change
Password right on the user object. By default, the "Password Change
Notification" message appears 14 days before the "Maximum password age"
policy setting.

If the Everyone group does not have the Change Password right on the
object, passwords cannot be changed over the null session connection
(anonymous logon relies on the Everyone group to carry out this action)
established between the workstation and a domain controller. Instead, an
authenticated session is required to change a password (users must be
logged on to change their password).

RESOLUTION
=============
To resolve this issue:
Start the Active Directory Users and Computers snap-in.
Right-click your domain, and then click Advanced Features on the View menu
to enable advanced features.
Right-click the container hosting the user object to which you want to
grant the Change Password right (for example, Users), and then click
Properties .
Click the Security tab. Make sure that the Everyone group is listed in the
Name box. If it is not, click Advanced, and then add the Everyone group to
the list from the Advanced Access Control Settings dialog box. If the
Everyone group does exist, click Advanced and continue with the next step.
Click the Everyone group in the list, and then click View/Edit to edit the
group's permissions. In the Apply Onto box, click User Objects. In the
Permissions section, click to select the Change Password permission in the
Allow box.
Click OK to accept the changes.

For more information look at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;258788
Also go thru http://support.microsoft.com/default.aspx?scid=kb;en-us;242795

Hope the given solution will solve your issue.

Thanks
(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

set password expiry to a few weeks. 3
User's can't change password 2
Shortcut to change password dialog 3
Expiration notification 4
LastPass security flaw identified 0
Machine Account Password Changes - What Triggers Them? How to Vali 1
User can't change password 3
Warning - Extortion Scam 2

Top