Re: Unable to change domain password when logged in as local user
- From: "Ace Fekay [MCT]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Sep 2009 00:11:48 -0400
"sixty6nova" <sixty6nova.3yvqvb@xxxxxxxxxxxxx> wrote in message
news:sixty6nova.3yvqvb@xxxxxxxxxxxxxxxx
I have a relatively small network-1 file server which is the DC. Server
runs Win2003 and all workstations are Win XP Pro SP3. We have
previously not required password changes, but now will require them
changed every 90 days. I set up the policy, and checked the option on
all the user accounts "user must change password at next logon". This
has worked fine on all the desktops-all of those PCs are members of the
domain. The laptops are another story.
All of the laptops are not members of the domain. They are still
members of the default WORKGROUP that XP creates on installation if you
don't join a domain at that time. I have renamed the local
Administrator account and created its password to match that person's
domain username & password. This way when they are out of the office,
they are logging in locally and do not have to wait for it to search for
the domain, then use a cached domain profile. (some of these users are
rarely in the office). And when they are in the office, since the local
login & password is the same as the domain login & pwd, they can access
domain resources such as printers & file shares without logging in
again.
Now that I have checked "user must change password at next logon" for
all the domain user accounts, this is what happens on the laptops:
Log in to the local PC as normal (since they are on a workgroup, the
option to choose a domain isn't even present in the logon box).
Everything comes up normally, then if you try to open a shared folder,
you get another login box. I enter the username and password, and the
login box just comes back, this time with LOCALPCNAME\username in the
username box. So i've tried changing that to DOMAINNAME\username; login
box just comes back again. I've tried using the fully qualified domain
username (user@xxxxxxxxxxxxxxxxxx) and that doesn't work.
Why isn't it letting them login, then asking them to change their
domain password?
Thanks,
Jennifer
--
sixty6nova
------------------------------------------------------------------------
sixty6nova's Profile: http://forums.techarena.in/members/137379.htm
View this thread: http://forums.techarena.in/active-directory/1249480.htm
http://forums.techarena.in
The system will not allow a password change when trying to logon to access a
resource (mapped drive, UNC, etc). The user literally must logon to the
domain to do this. It's a security stipulation.
I don't quite agree wtih the way you have this setup. Honestly, this is the
first I've heard of doing it this way, especially with renaming the local
admin account on a laptop to the user's domain account. I have a customer
with remote clients that are hardly in the office. They would come by every
two months. However, they logon with using a VPN, and they get prompted to
change the password once logged on. Also, users can opt to change their
passwords through OWA.
So I don't fully agree with this solution, and from what you've seen, it's
causing some issues.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
.
- References:
- Unable to change domain password when logged in as local user
- From: sixty6nova
- Unable to change domain password when logged in as local user
- Prev by Date: Re: Windows 2008 DC in Windows 2003 domain = slow logons , warning long story
- Next by Date: RE: Application Instalation throug GPO
- Previous by thread: Unable to change domain password when logged in as local user
- Next by thread: AD newbie question
- Index(es):
Relevant Pages
|
Loading
