"You have no permission to change your password"



Sandor
07-10-2005, 02:06 AM
Dear group,

I've run into a strange problem using Windows 2000 and XP in a domain
environment. When I ask users to change their passwords using
CTRL+ALT+DELETE they type in their old and new passwords. Sometimes the same
error is given if the new password doesn't meet complexity criteria or if
it's in conflict with password history requirements (which i think is
actually a bug in Windows, but that's another story - the error message
should be more descriptive).
I've checked the users' account in Active Directory and it looks fine. None
of the special properties like "User must change password on next logon"
etc. is checked. I've always made sure that "User cannot password" is NOT
checked. Any other ideas of what might be wrong here? Should I look for the
solution in AD, Group Policy (then again on the DC or on the local system)
or in the local registry of the system?

As a work-around I give the users a new and unique (quite complex) password
that they have to use and do NOT set "User must change password at next
logon". However this is actually not fully in line with company security
guidelines. On the long run I want definitely to stop with this "fix".

Any ideas would be appreciated.


"You have no permission to change your password"