Solved

User keeps being prompted to change their password

Posted on 2004-08-03
22
596 Views
Last Modified: 2010-03-18
I'm running a Windows 2000 Domain, with Windows 2000 Professional Clients.  I have one user that is prompted constantly to change his password (like every 4 days).  This goes against all the effective policies that are set at all levels.  I've also updated the machine and have reset his password, and have double checked the policy settings.  I can't find the issue.  Please help!
0
Comment
Question by:jigitty
  • 7
  • 6
  • 5
  • +3
22 Comments
 
LVL 15

Assisted Solution

by:adamdrayer
adamdrayer earned 100 total points
ID: 11709304
In Active Directory User and Computers, Right-Click the users name and select properties.  On one of those tabs, is the option to force user to change password every so often.
0
 

Author Comment

by:jigitty
ID: 11709513
adamdrayer,

I have checked all the Active Directory Options regarding passwords.  All of those options were unchecked and the user's password is not set to expire at a certain time.  Thanks for the help.  Any other advice would be greatly appreciated.
0
 
LVL 4

Assisted Solution

by:james_in_hardware
james_in_hardware earned 100 total points
ID: 11709662
So I am guessing you are managing the users thru AD and not as a stand alone correct?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 11

Expert Comment

by:Eric
ID: 11709686
Do a GPresult to see if a GPO is overriding the user setting.
Or download tha tnew GP managment tool for XP
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11709815
>>All of those options were unchecked

just making doubly sure...  password never expires should BE checked maybe?

0
 
LVL 4

Expert Comment

by:james_in_hardware
ID: 11709844
Yes.........unless you want to set them up to require a password change every certain number of days for secuirty reasons.
0
 

Author Comment

by:jigitty
ID: 11710304
james in hardware is correct....we have it set so that the user must change their password every 45 days, however, for this user.... he changes it, and its telling him he needs to reset his password in 4 days AGAIN, and I don't understand why its doing that.....thanks for your help guys I really appreciate it, keep the ideas coming please!

P.S. we are managing users through AD, sorry i guess i didn't make that clear.

I'm thinking it HAS to be a policy but the only policy we have set is at the domain.  there are no other policies.  and if i'm correct domain overrides local policies right?!?!
0
 
LVL 4

Expert Comment

by:james_in_hardware
ID: 11710449
Yes....domain policys override local polices..........is this user attached to any other groups that the others are not?
0
 
LVL 11

Expert Comment

by:Eric
ID: 11710493
Run this on the PC in question:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp

post the result.  Do verbose, not very verbose.
at a command line do the gpresult /? to see command line switches.
0
 
LVL 4

Expert Comment

by:james_in_hardware
ID: 11710498
We could delete the user and recreate him since it probally will not be a big deal thru Active directory and then that will set him to only defaults and then add him to the nec. groups........that will enable us to make sure he has no added policys on his user account.
0
 
LVL 11

Assisted Solution

by:kabaam
kabaam earned 100 total points
ID: 11710552
Just a thought.  AD should remember when the last time the user changed the password. Try changing the password on the server and see if the results are the same.
Is this user changing their password on the same computer each time?
Are any other users using the same computer to do so?
Does this user have a local account on the computer or just the domain account?
0
 
LVL 4

Expert Comment

by:james_in_hardware
ID: 11710578
You shouldnt be able to setup a password reset policy by a certain number of days on a local machine if I am not mistaken.
0
 
LVL 23

Assisted Solution

by:Tim Holman
Tim Holman earned 100 total points
ID: 11714381
I would reset the local machine and possibly the user policy, then reapply the domain policy.  Group policies SHOULD override local policies, but if there has been misconfiguration in the past, then they won't always work properly.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11715749
check whish DC the client is logging into also.  Verify the policy is being replicated to that heap.  Duno why it would only be one PC though unless you setup a perfered server policy of some sort.
0
 

Author Comment

by:jigitty
ID: 11716443
The only policy set is at the domain root.  The OU's have no policies.  Today I'm going to check his policies again, then reset the machine on Active Directory.  Last resort would be to delete the account and recreate it, because then I'll have to reset all his permissions to network drives.  I'll let everyone know what happens.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11716590
Try the gpresult before doing this..  I had a simular problem.. and fixed it by something I found this way.  Plus you will feel better if you know why its happening vs. blowing out an account and no knowing.  (which you still may have to do, but should be a last resort.)

do the output to a text file   command > gpo_username.txt            ( "> filename"  sends out put of any command line to a file instead of screen)

post the results

0
 

Author Comment

by:jigitty
ID: 11763779
Sorry it has been so long everyone, I've been waiting on the user to report back to me.  I reset his machine on the domain.  Also, from the gpresult, he's was only getting local and default domain policy (set at the root of the domain, and overrides the local policy).  So far after wiping the machine from the domain, everything seems to be ok.  It may be a while before I can give out the points because I need to make sure this is working.  But if you have any other suggestions please let me know.
0
 

Author Comment

by:jigitty
ID: 12005763
Hello again,

Well the user reported back to me, and the problem still exists.  I reset his computer on the Domain, and I reset his password.  He didn't have to reset it at all for the correct amount of time. After the time period he was prompted to change it and now its prompting to change his password every 4 days.

HELP!!!!!!! PLEASE!
0
 
LVL 11

Accepted Solution

by:
Eric earned 100 total points
ID: 12008129
does he have the same problem on a different machine?
could be a corupt profile
0
 

Author Comment

by:jigitty
ID: 12163702
Update...like 2 weeks ago I gave the user another logon.  I have him logon at least once a day.  We'll see if this user does the same thing.  I haven't forgotten about this, just still testing everything.
0
 
LVL 11

Expert Comment

by:Eric
ID: 12163807
I know how that goes ;)

I have a few Q's doing the same thing... it can take time depending what it is.

G-luck
0
 

Author Comment

by:jigitty
ID: 12436678
Well I haven't forgotten about this....i talked to the user today, and he said it magically stopped.  HOWEVER, another user came to me today and had the same exact problem. Go figure! So i'm at a loss!  I apologize for the length of time its been.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question