Michael A. Covington
December 5th 03, 07:48 PM
We have a Windows 2000 roaming user profiles network and we are starting to add some Windows XP client machines. For the most part, everything is going very smoothly.
However, we do have one problem.
When we set up new accounts, they have a default password and are required to change their password immediately.
And if the owner of a new account happens to log in on a XP client rather than a Windows 2000 client, he can't do that. He is prompted for the original password; gives it; is told "You must change your password" or words to that effect; is prompted for a new password; and is told, "You do not have permission to change your password." Frustration!
This is only because he's trying to change his password before his first complete login. If I let him log in (by resetting his password for him), then he can change his password just fine.
Clearly, it's a permission issue. But it's *not* the permissions issues described in:
http://www.mike-tech.com/article.php?gif=win2k&article=165
http://www.jsiinc.com/SUBE/tip2300/rh2367.htm
We have *not* added any restrictions to remote access. Thus, as far as I can tell, this is *not* the problem described in
http://www.der-keiler.de/Newsgroups/microsoft.public.win2000.security/2002-06/2382.html
either.
What else could it be? How can I definitively check that the right permissions exist, and correct them if they need correcting?
Note that new-account-holders using Windows 2000 client machines are unaffected.
Thanks!
However, we do have one problem.
When we set up new accounts, they have a default password and are required to change their password immediately.
And if the owner of a new account happens to log in on a XP client rather than a Windows 2000 client, he can't do that. He is prompted for the original password; gives it; is told "You must change your password" or words to that effect; is prompted for a new password; and is told, "You do not have permission to change your password." Frustration!
This is only because he's trying to change his password before his first complete login. If I let him log in (by resetting his password for him), then he can change his password just fine.
Clearly, it's a permission issue. But it's *not* the permissions issues described in:
http://www.mike-tech.com/article.php?gif=win2k&article=165
http://www.jsiinc.com/SUBE/tip2300/rh2367.htm
We have *not* added any restrictions to remote access. Thus, as far as I can tell, this is *not* the problem described in
http://www.der-keiler.de/Newsgroups/microsoft.public.win2000.security/2002-06/2382.html
either.
What else could it be? How can I definitively check that the right permissions exist, and correct them if they need correcting?
Note that new-account-holders using Windows 2000 client machines are unaffected.
Thanks!