Every 7 days, a Windows NT Workstation that is part of a domain, changes it's secure channel password and sends it to a domain controller.
Prior to SP4, this information was replicated immediately. Starting with SP4, the replication waited for the next replication pulse.
If you have 1,000 workstations, a computer account would change every 10 minutes:
7 x 24 x 60 / 1000 = 10 minutes
A new registry entry allows configuration of the password change interval on a Workstation or BDC. Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Add Value name MaximumPasswordAge as a type REG_DWORD. In the DWORD Editor, toggle the Decimal radix and enter the number of days. The default is 7 and the range is 1 to 1,000,000.
You can also disable the password change if you Add Value name DisablePasswordChange, also a REG_DWORD, and set it to 1.
You can also refuse the password change at the PDC by navigating to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Add Value name RefusePasswordChange, a type REG_DWORD, and set it to 1.
NOTE: In Windows 2000, default is 30 days.
