password change problem

---

• From: dilshad.ahmad007@xxxxxxxxx
• Date: 3 May 2007 09:38:21 -0700

---

I am having problems with accounts on my Windows 2003
active directory to change passwords. I first setup my
password policy on the top of the domain to be atleast 8
characters long, remember 10 previous passwords...thats
about it...all my OU's are clean and dont have any other
password restrictions, like i said, i made this at the
top and want this password policy accross the domain.

At first, all was fine, my users could ctrl-alt-delete
and change the password when ever they wanted...but I
found that remembered 10 previous passwords was a bit
harsh..so i relaxed the policy..again at the top of the
domain..but now..when my users try to ctrl-alt-delete abd
change the password..once they enter the new password,
they get an error saying that it cannot work because its
not long enough or matches previous passwords.


In all cases, the passwords do meet the 8 character
criteria i set and never used the password before..it
even comes up with my policy settings, so I then dicided
to not define any settings on the domain for the
policy..and i still cant have my users change the
password..still says that it doesnt meet the
criteria..even though everything is disabled..i checked
on all the OU's.


I first though maybe my users didnt have rights, but even
myself..an enterprise admin..I cant...i then tried to
change the password for the domain adminstrator account
and still couldnt..same error..if i go into ADS and under
the account of the user, set the option for the user to
change and next log in, no problem works fine, just cant
do ctrl-alt-delete and change it


plz resolve this problem


thanks & regards

Dilshad Ahmad

.

---

• Follow-Ups:
  • Re: password change problem
    • From: Harj

• Prev by Date: disable Compress drive option
• Next by Date: Re: W2K3 R2 is not logging/auditing failure events
• Previous by thread: disable Compress drive option
• Next by thread: Re: password change problem
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Password expires for no apparent reason ... go to the server and run rsop.msc and check your password policy, ... expires' is set for each user. ... the minimum password age is there to prevent users from blowing ... As Harj said Account lockouts could potentially be a problem as perhaps the ... (microsoft.public.windows.server.active_directory) Re: Valid password characters ... A good password policy should be combined with a good user name ditto. ... whereby an account would be disabled after a certain of unsuccessful ... The attack on this type of protection will not be a frontal attack ... without even the implied warranty of merchantability ... (microsoft.public.inetserver.asp.db) Re: Password Policy for remote users ... There is only one password policy per domain or per machine. ... accounts, and this or the highest priority GPO setting account policies ... Change remote users passowrd to more complex. ... (microsoft.public.security) RE: Password Audit Software by Microsoft ... Good to see that you've made headway on setting a good password policy by ... >> of the account should know the password. ... >> Mark Whitby ... >>> Does anyone know of a Microsoft download that allows domain administrators to ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.group_policy  > 2007-05