Changed my Windows login password but I can still login with my old password

Hi Experts,

I recently put in place a strong password policy using GPO. My Domain Controller is on Windows Server 2003 Standard. Now, after being prompted to change the password, i am able to change it successfully to a new strong password which meets the complexity that has been set. However, I am still able to login with the old password. I have noticed this on the two test PCs that I am using. One is on Windows Vista and the other on Windows XP SP3. The other thing to note is that with the old password, i am not able to access all the resources such as mapped network drives, but the point is that I can still login with my old password. Please assist
cimani1000Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Julian123Commented:
Do you have more than 1 DC? If so, wait a few minutes for replication. Also, ensure your personal PC is on the network to connect to the DC and not using cached credentials.
0
Julian123Commented:
Following up on the answer above, XP and Vista by default will cache credentials for previous logins. This is what allows you to log into your laptop if you take your laptop out of the office and cannot contact a domain controller.  The reason mapped network drives no longer work is that credentials are not cached for those so your old username and password will not work.
0
Venugopal NCommented:
Remove the local password cache and check whether you can able to login with the Current password.

Refer teh below link to remove the password cache..
http://www.pctools.com/guides/registry/detail/124

If the user unable to login by using the new password , then check the conectivity of the TWO systems.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Brian PiercePhotographerCommented:
This does sound like a cached credentials issue. As Julian123 has said, windows will cache previously sucessful logon credentials (b default) to allow users ro log onto laptops etc, when they are not connected to the domain. Once you are connected to the domain again, then the new password will take effect.

I suppose another alternative may be that you had a local account, with the same credentials and were using the local account to logon to the local machine (...this computer), and were then using domain credentials to access a network drive, if so then make sure that you log onto the DOMAIN, not ...this computer.
0
cimani1000Author Commented:
thanks for the swift replies.

Julian123:

I have 2 DCs, one being the alternate. This change took place over a week ago so I don't think it's an issue of giving it more time.

All:
So will I have to remove the local password cache for all the PCs on the LAN. I have about 60 PCs and this may be a challenge. Also what happens when the passwords expire.  I still want the users to be able to login to their PCs even when the DC is not available, or when the laptop users are away from the LAN. What I need is to have the cache keep the latest password only.
0
Julian123Commented:
You can control password caching with group policy, here's how: http://technet.microsoft.com/en-us/library/cc755473(WS.10).aspx

As a side note, replication will take place in much less than a week. I'd make sure that there is no issue with the DC's replicating with one another and no issues with the desktop you are using.
0
rizla7Commented:
i would disjoin the 2 machines in question from the domain and rejoin them if possible.
0
cimani1000Author Commented:
Julian123:
Does this mean that is i want to only have set the Interactive logon to 1, so that it only keeps the latest password in cache?

rizla7:
Dis-joining will mean:
1) I have to do it for all the 60 PCs on the LAN
2) I have to be doing this each time when the passwords expire
0
rizla7Commented:
ok i was under the impression it was only the 2 machines.

as Julian suggest then, check that replication is functioning as expected.

if you wanna get lazy try removing 1 dc, test authentication. then remove other dc, test authentication.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cimani1000Author Commented:
Hmm.. Replication seems to be  working fine
0
cimani1000Author Commented:
Hi, I've just made the following observation: This problem whereby I can access an account with both the new and the old passwords only applies to those accounts that are Domain Admins. It does not affect the Domain Users group who are the majority. Any thoughts?
0
cimani1000Author Commented:
There was actually a problem with replication between two DCs. Had to demote one and promote it
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.