Users do not have permission to change permissions

[Guest]

All the sudden we have users that cannot change their password. I looked at all the ms support articles and none of them are on target. The restrictanonymous registry key is zero on our PDC and the effect is the same on both our XP and W2000 machines

Can anyone recommend a course of action

I found articles that we can give the everyone group rights to change passwords for user objects. However, doesn't this allow users to change other people's passwords via the AD Users and Computers MMC?

 

[Andy Cadley]

All the sudden we have users that cannot change their password. I looked

at all the ms support articles and none of them are on target. The
restrictanonymous registry key is zero on our PDC and the effect is the same
on both our XP and W2000 machines.

Can anyone recommend a course of action?

I found articles that we can give the everyone group rights to change

passwords for user objects. However, doesn't this allow users to change
other people's passwords via the AD Users and Computers MMC?

Firstly, make sure that SELF has permission to change the password on user
objects. That will allow a user to only change their own password, whatever
you do don't allow Everyone to change passwords because that's plain wrong.

Assuming that is set correctly, try checking the minimum password age you've
got set by group policy. It may be that your users have changed password and
then tried to change it back and found it doesn't work.

AndyC