Link to home
Start Free TrialLog in
Avatar of nt2kman
nt2kman

asked on

User is asked to change password on first logon and does not have the right

Have asked that users change their password on first logon on a windows 2000 server. When they change it they are told they do not have permission to change their password. As far as I can tell, they should be able to. I am kind of in a catch 22 here, does anyone have any idea what I might have done?
ASKER CERTIFIED SOLUTION
Avatar of Mihailo
Mihailo

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Mark
In the same area mentioned above, you may need to adjust "Additional Restrictions for Anonymous Connections". If this is set to "No access without explicit anonymous access permissions", you will need to back that off to "Do not allow enumeration of SAM accounts and shares".

This is a documented issue at Microsoft.
Avatar of ralonso
ralonso

In AD, you may also need to find the user account in AD.
Check properties->permissions->advanced
There should be an entry saying that user "SELF" has the right to change password for the account

The group "Everyone" Should also have permission to change password for the user account (I'm not inventing, is documented by microsoft)

http://support.microsoft.com/?kbid=242795
I assume that BOTH 'User must change password at next logon' and 'User cannot change password' are not checked....