Users keep getting asked to change password everyday.

[smitto]

Some of my users which run WindowsXP/SP1 keep getting asked to change thier
password everyday. The domain which is Windows 2000 Servers are set to
expire every 60 days. This is not happening with all users just some of
them. The time on all workstations sync with the servers and all servers
sync from an atomic clock.


Please any assistance to resolve this issue would be great.

Thanks,

smitto

 

[Chriss3]

May them try to use same password again?

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1

 

[smitto]

The domain remembers the password. I have it set that the users cannot use
any of last 8 passwords. It does remember and will not let them use the last
8.

smitto

 

[David Brandt [MSFT]]

There are a couple of things we can look at here to help clarify the problem
a bit more.
Are the users that this is affecting all in the same subnet, using the same
hub/switch/router/etc, or anything else that will be common to them but not
other users that are not affected.
Are they getting validated by one paticular dc whereas other users not
affected are getting validated by others (run cmd "set l" to see what dc did
their validation)
Any replication issues between dc's so all dc's have the same pw settings.
Are they getting the msg that their pw is going to expire in "x" days (in
which the "x" decreases as the days pass) and asking if they want to change
it now, that it has expired and must be changed, or something else.


--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

 

[purplehaz]

On the xp boxes, make sure the users aren't set to change password at next
logon. Check this in the users properties, in local user and groups, under
computer managment.

 

[smitto]

Different domain controllers performing the logins. Some users that have the
issue are on same subnet some on different subnet as well as users that do
not have the issue is on same and different subnet.

No replication issues among all domain controllers. Change password check
box is not set. The machines that are having the issue are getting the GP
properly. I have manual forced the GP aslo.

Very strange.

smitto

 

[David Brandt [MSFT]]

Are they seeing the msg that their pw has expired and must be changed when
this happens or is it that they must change it in "x" days.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

 

[Jordan]

Questions:
1. Were the settings defined in the 'Default Domain Policy"?
2. For the Domain Controllers OU, is there any 'Block Inheritance'
configured?

Try the following:
1. Run 'net accounts' on the DC. Check the effective settings.
2. Run 'net accounts' on the client. Check the effective settings.
3. Run 'secedit /export /mergedpolicy /cfg sec.txt'. Check the effective
settings.

For password policy, the settings on the domain controller will be the
effective one, regardless of what you see on the client's computers.

 

[booster]

Hi

before you get lost in space, check on the DCs the settings
of the local PW policies (yes, on the DC) , eventually you they have
other pw policies then the default domain policies, but the settings of
the DC local pw policy take higher prio..

ok ?

/booster