Re: 2 User Login questions
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 07/29/04
- Next message: Darren Mar-Elia: "Re: Error when opening GPOs"
- Previous message: Rich: "Redirection: Exclusive My Documents"
- In reply to: Harry Devine: "2 User Login questions"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 29 Jul 2004 21:41:21 GMT
Check that the users account properties in AD Users and Computers is not configured
to not allow the user to change their password. If these users are using XP Pro
computers and the W2K computers do not have a problem there could be a conflict with
a Domain Controller Security Option for additional restrictions for anonymous
connections. If set to "no access without explicit anonymous permissions" as shown in
the effective setting of a domain controllers Local Security policy, that can cause
what you described to happen to users on XP pro computers if they have to change
their password before logging on.
You can configure the notification time for password change warning in the Domain
Security Policy [or whatever domain GPO you use to configure account policies] under
security settings/local policies/security options - prompt user to change password
before expiration. By default this is set to 14 days. -- Steve
"Harry Devine" <hdevine@ourapplecart.com> wrote in message
news:ukkr4nVdEHA.2704@tk2msftngp13.phx.gbl...
> I have a small AD domain with about 30 users. 2 or 3 of these users cannot
> change their password after 90 days when they are prompted to. The error
> message that they get is that they are not permitted to change their
> password. I, as an administrator, have to change it for them in their
> account. These users are part of the Domain Users group (same as everyone
> else that does not have this issue), and I don't have any special group
> policy setup. How can I determine why these people don't have permission to
> change their own passwords?
>
> Second, many of our users do not log off at night when they go home. They
> simply lock their workstation and leave. Mainly, they are stubborn about
> it, but that's life. Anyway, onto my question. In my case, for example,
> when I log in in the morning, I'll get prompted that my password will expire
> in X days, would I like to change it? For those that do not log off, is
> there a way, either in Group Policy, etc., that these people can get a
> notification that their password is due to expire? They are usually forced
> to change it once it does expire, and they're not sure why. I know why, but
> I'd like to give them some advanced notice that it's due to expire.
>
> Thanks for any help,
> Harry
>
>
- Next message: Darren Mar-Elia: "Re: Error when opening GPOs"
- Previous message: Rich: "Redirection: Exclusive My Documents"
- In reply to: Harry Devine: "2 User Login questions"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
