General discussion

Locked

Users are not able to change their password at password expiration prompt

By shailesh.bhartiya ·
I have Windows 200 Advance server, we have ipmplemented the password policy so that password should expire in every 45 days, but user's prompted to change their password at the time of login they get the message that you don'd have permission to change your password. I have given every one password chang rights at the domain controller object.

I dont know why is it happening.
if some body can help me out.

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Pocono In reply to Users are not able to cha ...

You should have your users choose a password that is 8-15 characters long, and have them use 1 capital letter, and 1 symbol or number.
They should be able to log in after that...

Collapse -

by ric111 In reply to Users are not able to cha ...

I am quoting from what I got from someone else; I apologize that I did not save information on the source:

If you use a password policy in your Windows 2000 domain, Active Directory users may receive "You do not have permission to change your password" when they attempt to change their password in response to a password change notification.

Chances are that the Everyone group has not been granted the right to Change Password on the User object.

1. In the Active Directory Users and Computers snap-in, right-click your domain.

2. On the View menu, select Advanced Features

3. Right-click the OU hosting the user object and press Properties

4. On the Security tab, if the Everyone group is not present in the Name box, Press "Advanced" and Add it

5. On the Advanced tab, select the Everyone group

6. Press View/Edit and select "User Objects" in the Apply onto box

7. In the Permissions list, check the Change Password permission "Allow" box

8. Press OK and/or Apply till you are finished

Collapse -

by jahmez In reply to Users are not able to cha ...

Have you got the latest service packs. However be careful with upgrading your SP.

Collapse -

by shailesh.bhartiya In reply to Users are not able to cha ...

Thanks every
This han solved my problem.............

7344 ? When a domain user attempts to change their password during logon, they receive 'You do not have permission to change your password'?
The subject behavior will occur if both the following are true:
- You enabled the User must change password at next logon option.
- The Everyone group and/or the Authenticated Users group does NOT have the Access this computer from the network rights on an authenticating domain controller.
To resolve this problem:
1. Open the Active Directory Users and Computers snap-in.
2. Right-click the Domain Controllers container and press Properties.
3. Select the Group Policy tab.
4. Select the Default Domain Controllers Policy and press the Edit button.
5. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.
6. Double-click Access this computer from the network.
7. If either the Everyone or Authenticated Users group is missing, add them and press OK. 8. Close the Properties dialog and exit the snap-in.
9. On a domain controller, run SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE.
NOTE: For Windows Server 2003, run gpudate /Target:Computer.

Collapse -

by shailesh.bhartiya In reply to

Poster rated this answer.

Collapse -

by shailesh.bhartiya In reply to Users are not able to cha ...

This question was closed by the author

Back to Windows Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums