cimani1000
asked on
Changed my Windows login password but I can still login with my old password
Hi Experts,
I recently put in place a strong password policy using GPO. My Domain Controller is on Windows Server 2003 Standard. Now, after being prompted to change the password, i am able to change it successfully to a new strong password which meets the complexity that has been set. However, I am still able to login with the old password. I have noticed this on the two test PCs that I am using. One is on Windows Vista and the other on Windows XP SP3. The other thing to note is that with the old password, i am not able to access all the resources such as mapped network drives, but the point is that I can still login with my old password. Please assist
I recently put in place a strong password policy using GPO. My Domain Controller is on Windows Server 2003 Standard. Now, after being prompted to change the password, i am able to change it successfully to a new strong password which meets the complexity that has been set. However, I am still able to login with the old password. I have noticed this on the two test PCs that I am using. One is on Windows Vista and the other on Windows XP SP3. The other thing to note is that with the old password, i am not able to access all the resources such as mapped network drives, but the point is that I can still login with my old password. Please assist
Do you have more than 1 DC? If so, wait a few minutes for replication. Also, ensure your personal PC is on the network to connect to the DC and not using cached credentials.
Following up on the answer above, XP and Vista by default will cache credentials for previous logins. This is what allows you to log into your laptop if you take your laptop out of the office and cannot contact a domain controller. The reason mapped network drives no longer work is that credentials are not cached for those so your old username and password will not work.
Remove the local password cache and check whether you can able to login with the Current password.
Refer teh below link to remove the password cache..
http://www.pctools.com/guides/registry/detail/124
If the user unable to login by using the new password , then check the conectivity of the TWO systems.
Refer teh below link to remove the password cache..
http://www.pctools.com/guides/registry/detail/124
If the user unable to login by using the new password , then check the conectivity of the TWO systems.
This does sound like a cached credentials issue. As Julian123 has said, windows will cache previously sucessful logon credentials (b default) to allow users ro log onto laptops etc, when they are not connected to the domain. Once you are connected to the domain again, then the new password will take effect.
I suppose another alternative may be that you had a local account, with the same credentials and were using the local account to logon to the local machine (...this computer), and were then using domain credentials to access a network drive, if so then make sure that you log onto the DOMAIN, not ...this computer.
I suppose another alternative may be that you had a local account, with the same credentials and were using the local account to logon to the local machine (...this computer), and were then using domain credentials to access a network drive, if so then make sure that you log onto the DOMAIN, not ...this computer.
ASKER
thanks for the swift replies.
Julian123:
I have 2 DCs, one being the alternate. This change took place over a week ago so I don't think it's an issue of giving it more time.
All:
So will I have to remove the local password cache for all the PCs on the LAN. I have about 60 PCs and this may be a challenge. Also what happens when the passwords expire. I still want the users to be able to login to their PCs even when the DC is not available, or when the laptop users are away from the LAN. What I need is to have the cache keep the latest password only.
Julian123:
I have 2 DCs, one being the alternate. This change took place over a week ago so I don't think it's an issue of giving it more time.
All:
So will I have to remove the local password cache for all the PCs on the LAN. I have about 60 PCs and this may be a challenge. Also what happens when the passwords expire. I still want the users to be able to login to their PCs even when the DC is not available, or when the laptop users are away from the LAN. What I need is to have the cache keep the latest password only.
You can control password caching with group policy, here's how: http://technet.microsoft.com/en-us/library/cc755473(WS.10).aspx
As a side note, replication will take place in much less than a week. I'd make sure that there is no issue with the DC's replicating with one another and no issues with the desktop you are using.
As a side note, replication will take place in much less than a week. I'd make sure that there is no issue with the DC's replicating with one another and no issues with the desktop you are using.
i would disjoin the 2 machines in question from the domain and rejoin them if possible.
ASKER
Julian123:
Does this mean that is i want to only have set the Interactive logon to 1, so that it only keeps the latest password in cache?
rizla7:
Dis-joining will mean:
1) I have to do it for all the 60 PCs on the LAN
2) I have to be doing this each time when the passwords expire
Does this mean that is i want to only have set the Interactive logon to 1, so that it only keeps the latest password in cache?
rizla7:
Dis-joining will mean:
1) I have to do it for all the 60 PCs on the LAN
2) I have to be doing this each time when the passwords expire
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hmm.. Replication seems to be working fine
ASKER
Hi, I've just made the following observation: This problem whereby I can access an account with both the new and the old passwords only applies to those accounts that are Domain Admins. It does not affect the Domain Users group who are the majority. Any thoughts?
ASKER
There was actually a problem with replication between two DCs. Had to demote one and promote it