Announcement

Collapse
No announcement yet.

You are not Authorized to change your password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • You are not Authorized to change your password

    I have a Windows 2000 AD domain that has been working well for over 4 years. My motto is, if it's not broke, don't fix it. With being said, I have not made any global or local security changes in quite some time. About a week ago, a message started appearing when users try to change their password telling them that they are not authorized to change it. If they do it from the server, it allows the change. If they try from the client, it won't allow it and gives them the autorization message. What could be causing this issue?

  • #2
    Re: You are not Authorized to change your password

    More info would be great:

    Server OS and Service Pack Level?
    Client OS and Service Pack Level?
    Does this happen for all users?
    Does the same issue happen for a new user?
    Have you made any changed to the Domain GP recently?

    The more info you supply the better we can help you

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: You are not Authorized to change your password

      If you start Active Directory Users and Computers, go to the properties of a user account and check out the Account tab - is the account option "User cannot change password" ticked? (hope the 2000 AD loks the same as the 2003 AD, I cannot remember)
      A wise man once said: "Assumption is the mother of all fu*k ups".

      Any advice I give is to the best of my knowledge, there is no guarantee what so ever that it will actually work in your particular scenario. I will not accept any responsibility for unexpected consequences, after all - you are taking advice from a complete stranger over the internet. =)

      Comment


      • #4
        Re: You are not Authorized to change your password

        Sorry, I should have provided more info.

        The PDC is a Windows 2000 Server SP4. I have a 2nd DC which is also a Windows 2000 Server SP4 and SQL Server 2000 SP4. There is a Windows 2003 Server also with Exchange 2003. All three have AD running. All of the clients are Windows XP Pro SP2. Here is everything I know... As stated in my post, I have made "0" changes to the servers in about a year with regard to Global Policies, Global Security, and/or Local policies and security. I have not made any changes at all except for security updates from Microsoft. Last week I created a new user with a roaming profile and set the account to "Require Password Change at next Logon". When the new user logged on, he was prompted to change his password and that is when he got the message. I tried to change it as well thinking he did not meet the password criteria to no avail. I have a password policy that requires passwords to be changed every 90 days. Yesterday, another user came to me saying it wouldn't allow her to change her password either. So, I am assuming it is for everyone. However, this morning I rebooted the PDC and when she came in and logged on, she was allowed to change it. I have been able to change the other users password too. It was a simple reboot, but I have never seen this before and was wondering why it started to begin with.

        Comment


        • #5
          Re: You are not Authorized to change your password

          I think some security editings were done. Just restore your default security options, and things should work fine after that.
          Best regards,
          Mostafa Itani

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: You are not Authorized to change your password

            Just a note here to Sanvour's solution you can use AD command line "dsquery" to see if there are any discrepancies with settings

            Tech Net Article
            The Univurse is still winning!

            W2K AD, WSUS, RIS 2003. ISA also AVG Server
            ** If contributors help you, recognise them and give reputation points where appropriate **

            Comment

            Working...
            X