How can I prevent users from changing their passwords except when Windows 2000 prompts them to?

John Savill

February 4, 2001

1 Min Read
ITPro Today logo in a gray background | ITPro Today

A. You can configure your domain via a group policy so that users can change their passwords only when the system prompts them:

  1. Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (Start, Programs, Administrative Tools, Active Directory Users and Computers).

  2. Right-click the container (site/domain or organizational unit—OU) you want to enforce the policy on, and select Properties.

  3. Select the Group Policy tab.

  4. Select the policy and click Edit.

  5. Expand User Configuration, Administrative Templates, System, Logon/Logoff.

  6. Double-click Disable Change Password, and on the Policy tab, select Enabled.

  7. Click Apply, then OK.

  8. Close all dialog boxes.

  9. Refresh the policy with the following command:

    C:> secedit /refreshpolicy user_policy
    
    

You can also configure this feature on a per-user basis. Perform the following steps:

  1. Start regedit.exe.

  2. Go to HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies.

  3. If the System key exists, select it. Otherwise create it (Edit, New, Key, System).

  4. Under System, create a new value of type DWORD (Edit, New, DWORD value).

  5. Type a name of DisableChangePassword, and press Enter.

  6. Double-click the new value, and set it to 1. Click OK.

  7. Close regedit.

You don't need to log off; the change takes effect immediately.

About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like