F
floyd
There seems to be a conflict between my domain security
policy and my XP clients. When prompted by the Win2k DC
to change their domain password the user recieves the
message "You do not have permission to change your
password." That same user can then go to a Win2k
Workstation and successfully change his password. I have
checked the permissions for the Everyone group and since
it works from the Win2k Pro Wkstn it seems the problem
lies somewhere between XP and WIn2k security.
THe XP Pro client is using the DC for DNS.
The client security events are "529 Unknown user name or
bad password" followed by " 535 The specified account has
expired."
The DC Security Log shows "676 Authentication Ticket
Request Failed"
I have been searching the Local Security Policy for
differences between XP and Win2k but nothing obvious
stands out.
..
policy and my XP clients. When prompted by the Win2k DC
to change their domain password the user recieves the
message "You do not have permission to change your
password." That same user can then go to a Win2k
Workstation and successfully change his password. I have
checked the permissions for the Everyone group and since
it works from the Win2k Pro Wkstn it seems the problem
lies somewhere between XP and WIn2k security.
THe XP Pro client is using the DC for DNS.
The client security events are "529 Unknown user name or
bad password" followed by " 535 The specified account has
expired."
The DC Security Log shows "676 Authentication Ticket
Request Failed"
I have been searching the Local Security Policy for
differences between XP and Win2k but nothing obvious
stands out.
..