Re: Users unable to change passwords when prompted

Andrew <andrewr@xxxxxxxx> wrote:
I had passwords must be complex selected but removed it and updated
the policy. (it has also been over a month now with the policy)

Well, that does seem long enough :)

I
tried many different passwords that meet the requirements, but still
nothing. I've set up password policies for larger organizations and
never have run into this problem.

Nothing is logging on the server as to why it is refused. I turned up
the logging to see if I will get more.

Yes, I would. And check on the clients as well - plus, gpupdate & the output
of a rsop.msc

For these guys I edited the default domain password policy using the
group policy management tool.

Cool.


Perhaps a packet sniffer will give me more to go on.


"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:epzcx2ThIHA.6136@xxxxxxxxxxxxxxxxxxxxxxx
Andrew <andrewr@xxxxxxxx> wrote:
I already check the usually suspects and it is not checked. This is
happening to all users (10) also.

Did you check with the password I suggested?

Event logs?


How/where did you create the policy?



"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23YNPbBThIHA.3788@xxxxxxxxxxxxxxxxxxxxxxx
Andrew <andrewr@xxxxxxxx> wrote:
I've configured a password policy for users to change their
passwords, but when it comes time for them to change, users are
unable to. They get a message saying that they do not have
permissions to change them

Check their ADUC properties to make sure there is no tickbox next
to "user cannot change password"

or it does not meet what the policy as
outlined as a requirement.

A good test is a phrase -

My sysadmin is mean!

If that doesn't work it can't be complexity that's the problem.

In troubleshooting this I have removed all complexity to the
password policy

That can take a whileto go away, IIRC

and still they can not change their passwords. They can change
them if I set the account to change password at next logon, but
this doesn't solve my problem. I have read that SP1 for XP fixes
this problem, but my users are running XP SP2.

Any ideas.

This isn't an XP issue at all, so it can't be a service pack issue
on the client. This is a server-side thing.



.

Relevant Pages

  • RE: Problem after setting password complexity
    ... change password after you enable "password must meet complexity ... I suggest you configure the password policy under "domain security ... Password must meet complexity requirements Enabled ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot change password
    ... What is the exact error that the clients get when they try to change their ... > we have strange problems with our passwords. ... > is no problem on the clients to get the policy. ... The password have to match the complexity policy ...
    (microsoft.public.windows.server.general)
  • Re: Users unable to change passwords when prompted
    ... (it has also been over a month now with the policy) ... They get a message saying that they do not have ... If that doesn't work it can't be complexity that's the problem. ... them if I set the account to change password at next logon, ...
    (microsoft.public.windows.server.sbs)
  • RE: Unable to update password
    ... Seems like your users passwords are all not matching with your complexity ... > I made some changes to the default group policy for passwords. ... > box in account which says password never expires and all of sudden ... > and tried to check user must change password on next logon ...
    (microsoft.public.win2000.group_policy)
  • Re: "User must change password" doesnt happen immediately.
    ... > that has been modified to allow async processing of login. ... > This is controlled by a policy. ... >> user was not immediately prompted to change password when he logs on. ... >> happen immediately and not on the second logon attempt? ...
    (microsoft.public.windows.server.security)