We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
7 days, left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
"The Password Cannot Be Changed at This Time" Error Message When You Try to Change a User's Password
Posted on 2012-12-27
Earlier in the default domain policy I had complex password enabled and minimum to 1.. now I have changed all that based on this article
http://support.microsoft.com/kb/273004
i have users still with the issue that they can't change the password because of complex passwords required and more then 6 characters. I have done a gpudate on the machines and still no luck. Any suggestions why its still trying to use the old default domain policy when it has it been modified?
http://support.microsoft.com/kb/273004
i have users still with the issue that they can't change the password because of complex passwords required and more then 6 characters. I have done a gpudate on the machines and still no luck. Any suggestions why its still trying to use the old default domain policy when it has it been modified?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
11
5
- +1
18 Comments
At the end of that article it mentions that you need to refresh the security policy on the DC - not just the workstations. Did you do that?
Have you tried the steps below:
Run “gpmc.msc” or click “Start -> Administrative Tools -> Group Policy Management”
Expand Group Policy Management -> Forest: <domain> -> Domains -> <domain>
Right click Default Domain Policy and click edit.
Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
Edit your password complexity.
The link you have above shows changes for age but not for complexity.
Also be sure to run gpupdate /force from clients when done.
Run “gpmc.msc” or click “Start -> Administrative Tools -> Group Policy Management”
Expand Group Policy Management -> Forest: <domain> -> Domains -> <domain>
Right click Default Domain Policy and click edit.
Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
Edit your password complexity.
The link you have above shows changes for age but not for complexity.
Also be sure to run gpupdate /force from clients when done.
Yes, I have refreshed the policy on the domain controllers and i have even rebooted the two domain controllers which is why i'm a little shocked that its not taking the new policy changes.
Active today
Now, the catch is that your systems may have a Group Policy Tattoo. Meaning, they may not let go of the original setting.
Verify in one of the affected machine's local policy if the setting is indeed 0 on that local machine.
Philip
Verify in one of the affected machine's local policy if the setting is indeed 0 on that local machine.
Philip
hmmmm thanks Phillip.. How would i verify on the affected machine local policy if it is 0.. same process of the default domain policy settings?
And I'm wondering if that is the case "tatooed".. not letting go of the orginial setting, how do clear it on the machine? I was thinking the same thing but I can't seem to find out how to clear the machine cache??
Active today
On Windows Vista and above:
Click Start --> type secpol.msc --> CTRL+ENTER --> UAC --> Approve/Consent.
That's where it is.
P.
Click Start --> type secpol.msc --> CTRL+ENTER --> UAC --> Approve/Consent.
That's where it is.
P.
Ok.. that's interesting.. I just looked at that machine and even though i did a gpupdate /force and rebooted the machine, it appears that its still taking the orginal one.. How in the world do I clear that on the machine?
Active today
Try logging in with a user that has not logged into the machine before. Is the setting still there?
P.
P.
Ok.. this is weird on one machine another user logged in shows different, and another machine a different user logged in shows same orginal policy.. Weird.
Active today
Windows 7?
Elevate a command prompt and:
gpresult /h c:\UserNameGPResults.html [Enter]
Copy the result out to a management folder and open in IE. Allow if prompted by IE Security.
You should see where the GPOs are coming from.
P.
Elevate a command prompt and:
gpresult /h c:\UserNameGPResults.html [Enter]
Copy the result out to a management folder and open in IE. Allow if prompted by IE Security.
You should see where the GPOs are coming from.
P.
This is extremely strange, on the default domain policy, I have made the modications but when i ran the secpol.msc on the domain controller it has the old settings.. Is it safe to make those changes on the DC for Local Security policies?
also, this was a migrated computer to a new domain so i can see some lingering polcies from the other domain.. so how can i clear out all the policies and them re-applied and strangely about the domain controller policy default domain is set to the orginal.. I will make that change now..
I was able to make the password change on the machine after making the local security policy on the domain controller the same as the default domain policy.
However, when i checked the account policy on the machine, it appears that its still not pulling it from the default domain policy and doing the gpresults, i can't see anywhere the default domain policy apply??? am I missing something here?
However, when i checked the account policy on the machine, it appears that its still not pulling it from the default domain policy and doing the gpresults, i can't see anywhere the default domain policy apply??? am I missing something here?
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| LDAP Setup | 6 | 63 | |
| Can someone explain to me virtual processors vs logical processors and cores? | 14 | 114 | |
| Unable to login to a PC with Domain Admin Credentials | 14 | 80 | |
| Ransomware case | 23 | 105 |
In-place Upgrading Dirsync to Azure AD Connect
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions.
Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month7 days, left to enroll
732 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.