Blake
June 2nd 03, 04:37 PM
Xref: kermit microsoft.public.windowsxp.network_web:116995
We have a native mode AD domain running only Win2K SP3 DCs. All Windows
2000 Pro clients can change passwords with no problem. Our 4 people with
Windows XP Pro stations cannot - they all get 'you do not have permission to
change your password'. Has anyone seen this? Is there a solution? I have
tried the following:
1) setting the domain level policy for 'additional restrictions for
anonymous connections' to 'do not allow enumeration of SAM accounts and user
names'.
2) I have given the EVERYONE group 'change password' permission on the OU
where the user IDs are stored.
I can't give a logical explanation why these might work, but I have seen
some threads where they were suggested. It is clearly something that works
from a 2Kpro machine but not XP, so how could it be permissions on the DC?
Please help
Blake
We have a native mode AD domain running only Win2K SP3 DCs. All Windows
2000 Pro clients can change passwords with no problem. Our 4 people with
Windows XP Pro stations cannot - they all get 'you do not have permission to
change your password'. Has anyone seen this? Is there a solution? I have
tried the following:
1) setting the domain level policy for 'additional restrictions for
anonymous connections' to 'do not allow enumeration of SAM accounts and user
names'.
2) I have given the EVERYONE group 'change password' permission on the OU
where the user IDs are stored.
I can't give a logical explanation why these might work, but I have seen
some threads where they were suggested. It is clearly something that works
from a 2Kpro machine but not XP, so how could it be permissions on the DC?
Please help
Blake