Solved

User keeps being prompted to change their password

Posted on 2004-08-03
22
594 Views
Last Modified: 2010-03-18
I'm running a Windows 2000 Domain, with Windows 2000 Professional Clients.  I have one user that is prompted constantly to change his password (like every 4 days).  This goes against all the effective policies that are set at all levels.  I've also updated the machine and have reset his password, and have double checked the policy settings.  I can't find the issue.  Please help!
0
Comment
Question by:jigitty
  • 7
  • 6
  • 5
  • +3
22 Comments
 
LVL 15

Assisted Solution

by:adamdrayer
adamdrayer earned 100 total points
Comment Utility
In Active Directory User and Computers, Right-Click the users name and select properties.  On one of those tabs, is the option to force user to change password every so often.
0
 

Author Comment

by:jigitty
Comment Utility
adamdrayer,

I have checked all the Active Directory Options regarding passwords.  All of those options were unchecked and the user's password is not set to expire at a certain time.  Thanks for the help.  Any other advice would be greatly appreciated.
0
 
LVL 4

Assisted Solution

by:james_in_hardware
james_in_hardware earned 100 total points
Comment Utility
So I am guessing you are managing the users thru AD and not as a stand alone correct?
0
 
LVL 11

Expert Comment

by:Eric
Comment Utility
Do a GPresult to see if a GPO is overriding the user setting.
Or download tha tnew GP managment tool for XP
0
 
LVL 15

Expert Comment

by:adamdrayer
Comment Utility
>>All of those options were unchecked

just making doubly sure...  password never expires should BE checked maybe?

0
 
LVL 4

Expert Comment

by:james_in_hardware
Comment Utility
Yes.........unless you want to set them up to require a password change every certain number of days for secuirty reasons.
0
 

Author Comment

by:jigitty
Comment Utility
james in hardware is correct....we have it set so that the user must change their password every 45 days, however, for this user.... he changes it, and its telling him he needs to reset his password in 4 days AGAIN, and I don't understand why its doing that.....thanks for your help guys I really appreciate it, keep the ideas coming please!

P.S. we are managing users through AD, sorry i guess i didn't make that clear.

I'm thinking it HAS to be a policy but the only policy we have set is at the domain.  there are no other policies.  and if i'm correct domain overrides local policies right?!?!
0
 
LVL 4

Expert Comment

by:james_in_hardware
Comment Utility
Yes....domain policys override local polices..........is this user attached to any other groups that the others are not?
0
 
LVL 11

Expert Comment

by:Eric
Comment Utility
Run this on the PC in question:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp

post the result.  Do verbose, not very verbose.
at a command line do the gpresult /? to see command line switches.
0
 
LVL 4

Expert Comment

by:james_in_hardware
Comment Utility
We could delete the user and recreate him since it probally will not be a big deal thru Active directory and then that will set him to only defaults and then add him to the nec. groups........that will enable us to make sure he has no added policys on his user account.
0
 
LVL 11

Assisted Solution

by:kabaam
kabaam earned 100 total points
Comment Utility
Just a thought.  AD should remember when the last time the user changed the password. Try changing the password on the server and see if the results are the same.
Is this user changing their password on the same computer each time?
Are any other users using the same computer to do so?
Does this user have a local account on the computer or just the domain account?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 4

Expert Comment

by:james_in_hardware
Comment Utility
You shouldnt be able to setup a password reset policy by a certain number of days on a local machine if I am not mistaken.
0
 
LVL 23

Assisted Solution

by:Tim Holman
Tim Holman earned 100 total points
Comment Utility
I would reset the local machine and possibly the user policy, then reapply the domain policy.  Group policies SHOULD override local policies, but if there has been misconfiguration in the past, then they won't always work properly.
0
 
LVL 11

Expert Comment

by:Eric
Comment Utility
check whish DC the client is logging into also.  Verify the policy is being replicated to that heap.  Duno why it would only be one PC though unless you setup a perfered server policy of some sort.
0
 

Author Comment

by:jigitty
Comment Utility
The only policy set is at the domain root.  The OU's have no policies.  Today I'm going to check his policies again, then reset the machine on Active Directory.  Last resort would be to delete the account and recreate it, because then I'll have to reset all his permissions to network drives.  I'll let everyone know what happens.
0
 
LVL 11

Expert Comment

by:Eric
Comment Utility
Try the gpresult before doing this..  I had a simular problem.. and fixed it by something I found this way.  Plus you will feel better if you know why its happening vs. blowing out an account and no knowing.  (which you still may have to do, but should be a last resort.)

do the output to a text file   command > gpo_username.txt            ( "> filename"  sends out put of any command line to a file instead of screen)

post the results

0
 

Author Comment

by:jigitty
Comment Utility
Sorry it has been so long everyone, I've been waiting on the user to report back to me.  I reset his machine on the domain.  Also, from the gpresult, he's was only getting local and default domain policy (set at the root of the domain, and overrides the local policy).  So far after wiping the machine from the domain, everything seems to be ok.  It may be a while before I can give out the points because I need to make sure this is working.  But if you have any other suggestions please let me know.
0
 

Author Comment

by:jigitty
Comment Utility
Hello again,

Well the user reported back to me, and the problem still exists.  I reset his computer on the Domain, and I reset his password.  He didn't have to reset it at all for the correct amount of time. After the time period he was prompted to change it and now its prompting to change his password every 4 days.

HELP!!!!!!! PLEASE!
0
 
LVL 11

Accepted Solution

by:
Eric earned 100 total points
Comment Utility
does he have the same problem on a different machine?
could be a corupt profile
0
 

Author Comment

by:jigitty
Comment Utility
Update...like 2 weeks ago I gave the user another logon.  I have him logon at least once a day.  We'll see if this user does the same thing.  I haven't forgotten about this, just still testing everything.
0
 
LVL 11

Expert Comment

by:Eric
Comment Utility
I know how that goes ;)

I have a few Q's doing the same thing... it can take time depending what it is.

G-luck
0
 

Author Comment

by:jigitty
Comment Utility
Well I haven't forgotten about this....i talked to the user today, and he said it magically stopped.  HOWEVER, another user came to me today and had the same exact problem. Go figure! So i'm at a loss!  I apologize for the length of time its been.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now