first log on domain,disp not permiss change password?

  • Thread starter Thread starter yzx
  • Start date Start date
Y

yzx

i set use first logon must change password,but log on at
windows xp,input new password system disp message you not
permiss change password,but log on windows 2000 profession
can change password success,why?
 
Check the Domain Controller Security policy for the security option -
"additional restrictions for anonymous connections". If it is set no access
without explicit anonymous permissions, that has been known to cause those
types of problems. If it is set at that, try backing it down to do not allow
enumeration of sam accounts and shares. --- Steve
 
See following procedure using mmc. --- Steve
1.. Click Start, point to Programs, point to Administrative Tools, and then
click Local Security Policy.

NOTE: If you cannot perform this step because "Administrative Tools" does not
show up in the Program list, then click Start, point to Settings, point to
Control Panel, click Administrative Tools, and then click Local Security Policy.
Then proceed to step two.
2.. Under Security Settings, double-click Local Policies, and then click
Security Options.
3.. Double-click Additional restrictions for anonymous connections, and then
click "do not allow enumeration of sam accounts and shares" under Local policy
setting.
4.. Restart the member computer or domain controller for the change to take
effect.
 
Back
Top