JSI Tip 2447. Where did 'User Must Log On in Order to Change Password' go in Windows 2000?

The Group Policy Help file, Gp.chm, contains the following:

User must log on to change password

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy

Description: Determines whether users have to log on before they can change their password.

By default, this setting is disabled in the Default Domain Group Policy object (GPO) and in the local security policy of
 workstations and servers. 

If this policy is enabled, then users have to log on before changing their password. Thus, if a user's password expires,
 the user will not be able to change the expired password, but must instead have an administrator reset the password. 
This documented behavior is just like Windows NT 4.0, but the author failed to realize that the option has been removed in Windows 2000.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.