XP clients password change


floyd

There seems to be a conflict between my domain security
policy and my XP clients. When prompted by the Win2k DC
to change their domain password the user receives the
message "You do not have permission to change your
password." That same user can then go to a Win2k
Workstation and successfully change his password. I have
checked the permissions for the Everyone group and since
it works from the Win2k Pro Wkstn it seems the problem
lies somewhere between XP and Win2k security.

The XP Pro client is using the DC for DNS.
The client security events are "529 Unknown user name or
bad password" followed by "535 The specified account has
expired."

The DC Security Log shows "676 Authentication Ticket
Request Failed"

I have been searching the Local Security Policy for
differences between XP and Win2k but nothing obvious
stands out.
 
Hi Floyd,

Are the following conditions true when you experience this problem?

- Your computer is part of a Microsoft Windows 2000 domain. -and-
- The "User must change password at first logon" option is enabled for your
user account. -and-
- The RestrictAnonymous value in the
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa registry key of the
Windows 2000 domain controller is set to 2

If so, a Windows XP SP2 fix may be necessary to resolve the problem. Contact
MS Support to open a free support case to obtain the hotfix from KB 328817
to see if that resolves the issue.

Best,

Kapil Mehra, MSFT
"Please do not send e-mail directly to this alias.
This alias is for newsgroup purposes only."
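
The three conditions listed in the reply above can be checked in one pass with PowerShell from a domain-joined administrative workstation. This is an added example, not part of the original posts and not Microsoft's code. The DC name and account name are placeholders, and it assumes Remote Registry access to the domain controller.

```powershell
# Added example: checks the three conditions from the reply.
# DomainController and UserName defaults are placeholders (assumptions).
param(
    [string]$DomainController = 'DC01',   # hypothetical DC host name
    [string]$UserName         = 'jdoe'    # hypothetical sAMAccountName
)

# Condition 1: the computer is a member of a domain.
$inDomain = [bool](Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain

# Condition 2: the account must change its password at next logon.
# Active Directory records that option as pwdLastSet = 0.
$mustChange = $null
if ($inDomain) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$UserName))"
    [void]$searcher.PropertiesToLoad.Add('pwdLastSet')
    $result = $searcher.FindOne()
    if ($result -and $result.Properties['pwdlastset'].Count -gt 0) {
        $mustChange = ([long]$result.Properties['pwdlastset'][0] -eq 0)
    }
}

# Condition 3: RestrictAnonymous on the DC is set to 2.
$restrict = $null
try {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $DomainController)
    $lsa = $hklm.OpenSubKey('System\CurrentControlSet\Control\Lsa')
    if ($lsa) {
        $restrict = $lsa.GetValue('RestrictAnonymous')   # $null if the value is absent
        $lsa.Close()
    }
    $hklm.Close()
} catch {
    Write-Warning "Could not read the registry on ${DomainController}: $($_.Exception.Message)"
}

# All three must be true for the scenario in the reply to apply.
[pscustomobject]@{
    ComputerInDomain      = $inDomain
    MustChangeAtNextLogon = $mustChange
    RestrictAnonymous     = $restrict
    MatchesReplyScenario  = ($inDomain -and ($mustChange -eq $true) -and ($restrict -eq 2))
}
```

A `$null` in any column means that condition could not be determined (account not found, or registry unreachable), not that it is false.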
 