NT Gatekeeper: Resetting Passwords in an Untrusted Domain

I've implemented a separate Windows NT 4.0 domain, which I call the HR domain, to host file servers that hold confidential human resources (HR) information. Because the HR domain and the production domain don't trust each other, I need to define separate user accounts in the HR domain for HR employees. The HR employees must be able to change the passwords of these HR domain accounts, but can they do so if their workstations aren't members of the HR domain?

Yes. To change an HR account's password from a machine that's a member of the production domain, an HR employee needs to log on by using his or her production domain account, then take these steps:

  1. Press Ctrl+Alt+Del to open the Windows NT Security dialog box.
  2. Select Change Password.
  3. Enter the HR domain username in the User name text box.
  4. Enter the name of the HR domain's PDC in the Domain text box.
  5. Enter the HR domain account's old password in the Old Password text box.
  6. Enter the HR domain account's new password in the New Password text box.
  7. Re-enter the new password in the Confirm New Password text box.
  8. Click OK.

If the password change is successful, the user will see a dialog box that declares Your password has been changed. If the user doesn't see this message, the system might not have been able to resolve the HR domain's PDC name. To test PDC name resolution, try to ping the PDC by using its NetBIOS name.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.