S
Scott R
Hello,
Recently as a security measure we've implemented the registry change that
successfully restricts anonymous.
Running W2K SP4.
ex.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous
with a setting of 2.
One of the side effects is that when a user's password expires they receive
a statement that they "do not have permissions to change their password". If
by chance they are prompted that the password will expire in XX days they
are successful in changing their passwords after they log on and are
validated.
I don't want to circumvent the security this feature adds but I do want to
stop the calls from end-users we are receiving due their inability to change
their password. I tried letting the everyone group have the permission on
user objects to change password in a TestOU and this still does not work.
Any help or information would be welcome and appreciated. Thanks for reading
the post.
Thanks,
Scott R
Recently as a security measure we've implemented the registry change that
successfully restricts anonymous.
Running W2K SP4.
ex.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous
with a setting of 2.
One of the side effects is that when a user's password expires they receive
a statement that they "do not have permissions to change their password". If
by chance they are prompted that the password will expire in XX days they
are successful in changing their passwords after they log on and are
validated.
I don't want to circumvent the security this feature adds but I do want to
stop the calls from end-users we are receiving due their inability to change
their password. I tried letting the everyone group have the permission on
user objects to change password in a TestOU and this still does not work.
Any help or information would be welcome and appreciated. Thanks for reading
the post.
Thanks,
Scott R