Re: Domain users unable to change password



Check their user accounts in AD Users and Computers to make sure that they
are not configured to not allow the user to change password in account
properties. Also see if a user can change their password AFTER logging onto
the domain which may be relevant per KB 258788 that I have listed further
down.

I can't think of a Group Policy setting offhand but if you have a Windows
2003 domain controller try running the Resultant Set of Policy mmc snapin in
logging mode for a user/computer that is having this problem to see the
settings configured for the user and the GP applying them. You can also use
the mmc snapin for RSOP on the XP Pro computer but I prefer to do it on a
domain controller. If you are not using Group Policy Management Console yet
that is something you should consider to help manage and troubleshoot GP.

There were some issues in the past with not being able to change passwords
with XP Pro but I thought that they were worked out in SP2. One was
Windows 2000 domain controllers having the security option for additional
restrictions for anonymous connections configured to be - no access without
explicit anonymous permissions. That security option could have been
configured on a domain controller in either Local Security Policy or Domain
Controller Security Policy. The other issues in the links below may also be
of interest.

http://support.microsoft.com/default.aspx?scid=kb;en-us;258788
http://support.microsoft.com/default.aspx?scid=kb;EN-US;273004

Since you are having a domain-wide problem I would run the support tools
netdiag, dcdiag, and gpotool on a domain controller or two [at least PDC
FSMO] and netdiag on one of the problem domain computers. Those tools will
check for a variety of problems including DNS, Kerberos, DC list, network
connectivity, replication, and secure channel/computer account integrity.
Also look in the logs using Event Viewer of the domain controllers and a
problem domain computer to see if anything pertinent is found. --- Steve

"Hank Arnold" <rasilon@xxxxxxx> wrote in message
news:%23bigb9ipFHA.272@xxxxxxxxxxxxxxxxxxxxxxx
> I'm still having this problem.....
>
> We are setting up our workstations, so that they do a domain logon instead
> of a local logon. Everything is working just fine except for one thing:
> when the domain GPO expires the password and prompts them to change it,
> they can't.
>
> When prompted, they click on "OK" and the expected window pops up with
> their old password in "*****" and fields for the new password to be
> entered and confirmed. The problem is that once they enter it, the system
> comes back and says that they are not allowed to change it. Needless to
> say, an admin has to do it for them.....
>
> If, however, they log onto the TS server directly, either with a Citrix
> ICA client or RDP, they are able to accomplish the change. This leads me
> to believe that it's a GPO setting or such on the local workstation, not a
> domain GPO issue....
>
> The workstations in question are running Windows XP (98% w/SP2).....
>
> --
> Regards,
> Hank Arnold
>
>
>
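
The checks suggested in the reply above, gathered into one batch file as an added example (not part of the original thread). The script name, its three arguments and the output file are hypothetical; it assumes it is run on a Windows Server 2003 domain controller with dsquery/dsget and the Support Tools (netdiag, dcdiag, gpotool) on the PATH, and that the affected user has logged on to the named workstation at least once.

```batch
@echo off
rem Added example: collects the diagnostics suggested in the reply above.
rem Hypothetical usage: pwdcheck.cmd <samAccountName> <DC name> <workstation>
setlocal
if "%~3"=="" (
  echo Usage: %~nx0 samAccountName DomainController Workstation
  exit /b 1
)
set "USERID=%~1"
set "DC=%~2"
set "WS=%~3"
set "OUT=%TEMP%\pwdcheck_%USERID%.txt"

echo === Account flags for %USERID% === > "%OUT%"
rem canchpwd = no means "User cannot change password" is set on the account.
dsquery user -samid "%USERID%" | dsget user -samid -canchpwd -mustchpwd >> "%OUT%" 2>&1

echo === RestrictAnonymous on %DC% === >> "%OUT%"
rem This value backs "Additional restrictions for anonymous connections".
rem On Windows 2000, 2 = "No access without explicit anonymous permissions".
reg query "\\%DC%\HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v RestrictAnonymous >> "%OUT%" 2>&1

echo === Resultant Set of Policy for %USERID% on %WS% === >> "%OUT%"
rem Command-line counterpart of the RSoP snap-in in logging mode.
gpresult /s %WS% /user %USERID% /v >> "%OUT%" 2>&1

echo === netdiag, local machine === >> "%OUT%"
rem Run netdiag separately on one of the problem workstations as well.
netdiag /v >> "%OUT%" 2>&1

echo === dcdiag against %DC% === >> "%OUT%"
dcdiag /s:%DC% /v >> "%OUT%" 2>&1

echo === gpotool === >> "%OUT%"
rem Compares the Active Directory and SYSVOL copies of each GPO across DCs.
gpotool >> "%OUT%" 2>&1

echo Results written to %OUT%
endlocal
```

Lines marked as failed or as a warning in the netdiag and dcdiag sections are the ones to compare against the Event Viewer logs on the same machines.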

