[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Changed my Windows login password but I can still login with my old password

Posted on 2010-03-22
13
Medium Priority
?
2,145 Views
Last Modified: 2012-05-09
Hi Experts,

I recently put in place a strong password policy using GPO. My Domain Controller is on Windows Server 2003 Standard. Now, after being prompted to change the password, i am able to change it successfully to a new strong password which meets the complexity that has been set. However, I am still able to login with the old password. I have noticed this on the two test PCs that I am using. One is on Windows Vista and the other on Windows XP SP3. The other thing to note is that with the old password, i am not able to access all the resources such as mapped network drives, but the point is that I can still login with my old password. Please assist
0
Comment
Question by:cimani1000
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 12

Expert Comment

by:Julian123
ID: 28314564
Do you have more than 1 DC? If so, wait a few minutes for replication. Also, ensure your personal PC is on the network to connect to the DC and not using cached credentials.
0
 
LVL 12

Expert Comment

by:Julian123
ID: 28314746
Following up on the answer above, XP and Vista by default will cache credentials for previous logins. This is what allows you to log into your laptop if you take your laptop out of the office and cannot contact a domain controller.  The reason mapped network drives no longer work is that credentials are not cached for those so your old username and password will not work.
0
 
LVL 11

Expert Comment

by:Venugopal N
ID: 28315472
Remove the local password cache and check whether you can able to login with the Current password.

Refer teh below link to remove the password cache..
http://www.pctools.com/guides/registry/detail/124

If the user unable to login by using the new password , then check the conectivity of the TWO systems.
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
LVL 70

Expert Comment

by:KCTS
ID: 28315550
This does sound like a cached credentials issue. As Julian123 has said, windows will cache previously sucessful logon credentials (b default) to allow users ro log onto laptops etc, when they are not connected to the domain. Once you are connected to the domain again, then the new password will take effect.

I suppose another alternative may be that you had a local account, with the same credentials and were using the local account to logon to the local machine (...this computer), and were then using domain credentials to access a network drive, if so then make sure that you log onto the DOMAIN, not ...this computer.
0
 

Author Comment

by:cimani1000
ID: 28320842
thanks for the swift replies.

Julian123:

I have 2 DCs, one being the alternate. This change took place over a week ago so I don't think it's an issue of giving it more time.

All:
So will I have to remove the local password cache for all the PCs on the LAN. I have about 60 PCs and this may be a challenge. Also what happens when the passwords expire.  I still want the users to be able to login to their PCs even when the DC is not available, or when the laptop users are away from the LAN. What I need is to have the cache keep the latest password only.
0
 
LVL 12

Expert Comment

by:Julian123
ID: 28321361
You can control password caching with group policy, here's how: http://technet.microsoft.com/en-us/library/cc755473(WS.10).aspx

As a side note, replication will take place in much less than a week. I'd make sure that there is no issue with the DC's replicating with one another and no issues with the desktop you are using.
0
 
LVL 3

Expert Comment

by:rizla7
ID: 28329688
i would disjoin the 2 machines in question from the domain and rejoin them if possible.
0
 

Author Comment

by:cimani1000
ID: 28344558
Julian123:
Does this mean that is i want to only have set the Interactive logon to 1, so that it only keeps the latest password in cache?

rizla7:
Dis-joining will mean:
1) I have to do it for all the 60 PCs on the LAN
2) I have to be doing this each time when the passwords expire
0
 
LVL 3

Accepted Solution

by:
rizla7 earned 750 total points
ID: 28345742
ok i was under the impression it was only the 2 machines.

as Julian suggest then, check that replication is functioning as expected.

if you wanna get lazy try removing 1 dc, test authentication. then remove other dc, test authentication.
0
 

Author Comment

by:cimani1000
ID: 28357507
Hmm.. Replication seems to be  working fine
0
 

Author Comment

by:cimani1000
ID: 28420597
Hi, I've just made the following observation: This problem whereby I can access an account with both the new and the old passwords only applies to those accounts that are Domain Admins. It does not affect the Domain Users group who are the majority. Any thoughts?
0
 

Author Closing Comment

by:cimani1000
ID: 32343636
There was actually a problem with replication between two DCs. Had to demote one and promote it
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question