"You have no permission to change your password"



Dear group,

I've run into a strange problem using Windows 2000 and XP in a domain
environment. When I ask users to change their passwords using
CTRL+ALT+DELETE they type in their old and new passwords. Sometimes the same
error is given if the new password doesn't meet complexity criteria or if
it's in conflict with password history requirements (which i think is
actually a bug in Windows, but that's another story - the error message
should be more descriptive).
I've checked the users' account in Active Directory and it looks fine. None
of the special properties like "User must change password on next logon"
etc. is checked. I've always made sure that "User cannot password" is NOT
checked. Any other ideas of what might be wrong here? Should I look for the
solution in AD, Group Policy (then again on the DC or on the local system)
or in the local registry of the system?

As a work-around I give the users a new and unique (quite complex) password
that they have to use and do NOT set "User must change password at next
logon". However this is actually not fully in line with company security
guidelines. On the long run I want definitely to stop with this "fix".

Any ideas would be appreciated.


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question