JSI Tip 2367. Users can NOT change password without logging on to a Windows 2000 domain?

If you use a password policy in your Windows 2000 domain, Active Directory users may receive You do not have permission to change your password when they attempt to change their password in response to a password change notification.

If the user clicks No in response to the password change notification, they are logged on with their existing password. They can then change their password.

Chances are that the Everyone group has not been granted the right to Change Password on the User object.

1. In the Active Directory Users and Computers snap-in, right-click your domain.

2. On the View menu, select Advanced Features.

3. Right-click Users (the container hosting the user object) and press Properties.

4. On the Security tab, if the Everyone group is not present in the Name box, Press Advanced and Add it.

5. On the Advanced tab, select the Everyone group.

6. Press View/Edit and select User Objects in the Apply onto box.

7. In the Permissions list, check the Change Password permission Allow box.

8. Press OK and/or Apply till you are finished.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.