Solved

User recieves "You do not have permission to change your password" when warned that password will expire in X days.

Posted on 2004-03-29
9
254 Views
Last Modified: 2010-04-13
When the user logs on they get a warning that their password will expire in X days, would you like to change it now.  When they try they get a "You do not have permission" error.  If they log in to the machine, they can change theor password through the old Ctrl-alt-del menu.

I have checked the domail controller policy and the allow access object has everyone and authenticated users.

Help!

0
Comment
Question by:scwerntz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10707086
http://www.mike-tech.com/article.php?gif=win2k&article=165

You Do Not Have Permission To Change Your Password (05-05-2002)
--------------------------------------------------------------------------------
If you use a password policy in your Windows 2000 domain, Active Directory users may receive "You do not have permission to change your password" when they attempt to change their password in response to a password change notification.

Chances are that the Everyone group has not been granted the right to Change Password on the User object.

1. In the Active Directory Users and Computers snap-in, right-click your domain.

2. On the View menu, select Advanced Features

3. Right-click the OU hosting the user object and press Properties

4. On the Security tab, if the Everyone group is not present in the Name box, Press "Advanced" and Add it

5. On the Advanced tab, select the Everyone group

6. Press View/Edit and select "User Objects" in the Apply onto box

7. In the Permissions list, check the Change Password permission "Allow" box

8. Press OK and/or Apply till you are finished
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10707149
http://www.jsiinc.com/SUBO/tip7300/rh7344.htm

7344 » When a domain user attempts to change their password during logon, they receive 'You do not have permission to change your password'?

The subject behavior will occur if both the following are true:

- You enabled the User must change password at next logon option.

- The Everyone group and/or the Authenticated Users group does NOT have the Access this computer from the network rights on an authenticating domain controller.

To resolve this problem:

1. Open the Active Directory Users and Computers snap-in.

2. Right-click the Domain Controllers container and press Properties.

3. Select the Group Policy tab.

4. Select the Default Domain Controllers Policy and press the Edit button.

5. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

6. Double-click Access this computer from the network.

7. If either the Everyone or Authenticated Users group is missing, add them and press OK. 8. Close the Properties dialog and exit the snap-in.

9. On a domain controller, run SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE.

NOTE: For Windows Server 2003, run gpudate /Target:Computer.
0
 
LVL 1

Author Comment

by:scwerntz
ID: 10707224
OK, both of these are configured correctly.  The permissions are there.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 1

Author Comment

by:scwerntz
ID: 10707236
I checked all of these settings based on these and other articles I have found.  There has to be something else.
0
 
LVL 1

Expert Comment

by:justinm99
ID: 10707416
crazyone how do you get to questions so quickly? do you have something that notifies you if a new question has been asked or do you refresh the webpage like every 30 seconds?  :)
0
 
LVL 3

Expert Comment

by:fajar79
ID: 10709930
how about the length of password ? do you change the default setting? > 6 characters long, uppercase, lowercase, number, nonalphanumeric...
0
 
LVL 1

Author Comment

by:scwerntz
ID: 11326290
I had to open a ticket with Microsoft on this one.  We are running in mixed mode.  There was one registry key that was changed that had to be reset.  

PROBLEM
============

Users cannot change password until they log on to the system.


RESOLUTION
============

The issue is related to the registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous

After changing its value from 2 to 0, the original issue is solved.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 11518530
PAQed, with points refunded (250)

Computer101
E-E Admin
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question