Disallow change password from some computers

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - MS targeting BitTorret? http://it.slashdot.org/article.pl?sid=05/06/21/173237&from=rss -Im Tag: Disallow change password from some computers Tag: 72857
  - 2
    - UrlAllowList does not work for UNC paths on Windows 2000 Pro I have followed the instructions found in http://support.microsoft.com/kb/896054 under 'method 1 Modify the ItssRestrictions registry entry to enable a specific Web application' and it seems to work for Windows XP when the CHM file lives on a network resource being accessed by either a Mapped Drive or UNC path. It also seems to work for Windows 2000 only if the CHM is accessed using a mapped drive. It does not work for Windows 2000 if the CHM file is accessed using a UNC path. The only way I can access a CHM from a network resource using a UNC path on Windows 2000 is by using 'Method 2 Modify the ItssRestrictions registry entry to enable a specific security zone'. I would prefer to use method 1 for Windows 2000 since it's more secure, does anyone know if this is possibile. Thanks! Tag: Disallow change password from some computers Tag: 72855
  - 3
    - Windows 2000 server hacked I have a Windows 2000 server that was hacked. The OS partition is on a 4 gig drive. The OS and profiles take up about 1.5 gig. When I look at the drive properties, it says I only have 80 mb free. That means someone is storing almost 3 gig of stuff on my omputer. I have used every tool and command line I can to find the data, but nothing will read the directory structure. All attempts come back displaying just the data that was original to the system. The hackers must have done something to the system to hide" their data from anything that reads NTFS. I also cannot empty my recycle bin. It tells me that one of the folders is not empty. When I look at that folder nothing is in it. Does anyone have an idea on how to access this data so I can find it and delete it from my system. As of now, I am looking at the format/reload method, but I would rather not do that. Thanks in advance. Rick Tag: Disallow change password from some computers Tag: 72854
  - 4
    - ZoneAlarm Configuration Help ZA free version 5.5.094.000 (latest/current) on XP Home and W98SE Under Firewall Zones there is an entry for the Adapter Subnet that is apparently present by default 192.168.1.102. Also apparently by default it is set to the internet zone. If I understand correctly I was supposed to enter a range of IPs for my local workgroup 192.168.1.100-192.168.1.150 and set it to trusted; I did that. These IPs are assinged by DHCP from my Belkin wireless router which I set to assign starting at 192.168.1.100. Also I set the Belkin to have the IP/gateway address 192.168.1.77. Why is 192.168.1.102 for the local Adapter set to internet; it's a 3c905? It is possible to change it to trusted. Which is right? Currently 192.168.1.102 is both set to internet zone by the Adapter Subnet line and by the range line for the local workgroup which is set to trusted. What is the zone for 192.168.1.102 internet or trusted? Does the order a line appears in the zone list make any difference? So do I need to add a ZA zone entry 192.168.1.77 and set it to the internet zone? Tag: Disallow change password from some computers Tag: 72851
  - 5
    - Computer in a Workgroup Access in a Domain Setting I noticed that when a new computer is being built [Windows 2000, Windows XP or even a Windows 2003], and before it is added to the domain, it can access resources on a file server [a Windows 2000 server]. The domain is Windows 2003 functional. How can that be tightened down? Tag: Disallow change password from some computers Tag: 72846
  - 6
    - Windows Spyware Beta Does anyone have some comments regarding the Windows Spyware Beta download. I wanted to get some feedback before downloading. I want to get the good and bad side to help me to decide. Thank you in advance. -- gjm Tag: Disallow change password from some computers Tag: 72840
  - 7
    - signing in My cousin and I both sign in on this computer and as soon as we get on the main internet it signs me in. Mostly because i accidentally checked the sign in automatically box. I want to have nobody signed in automatically. How do i do that?? Tag: Disallow change password from some computers Tag: 72839
  - 8
    - Password on messanger I want to have my msn messanger password protected. I want it to ask for my password every time I want to sign in. Tag: Disallow change password from some computers Tag: 72836
  - 9
    - licensing Is there any licensing sofware that microsoft supply so such as a software asset management type of software for a company so it can be managed internally. If so could you please direct me to the link to find this. kind Regards Tag: Disallow change password from some computers Tag: 72833
  - 10
    - automatic log off of user after idle time Is there a way to configure Windows XP so that I am automatically logged off if I'm not at my computer for 5 or 10 min? I was able to set one comptuer this way, but I can't set this other computer. -- Laura, newbie Tag: Disallow change password from some computers Tag: 72831
  - 11
    - MS05-025 for NT4 with IE6 SP1 Anyone know if there is a patch for IE6-SP1 in NT4 other than IE6.0sp1-KB883939-SMS-Deploy-KB899950-x86-ENU.EXE? This patch apparently runs properly however MBSA keeps alerting to the fact that the patch is missing... Can I conclude that in fact there is no way of patching NT4 in order to address MS05-025? Any help into this matter would be appreciated. Thanks JCO Tag: Disallow change password from some computers Tag: 72826
  - 12
    - Security problems using XP SP2 I've got a service running as Local System account that calls CreateProcessWithLogonW to run a script as a certain administrator account. Like so: STARTUPINFOW si; PROCESS_INFORMATION pi; ZeroMemory( &si, sizeof(si) ); si.cb = sizeof(si); ZeroMemory( &pi, sizeof(pi) ); CreateProcessWithLogonW( L"admin", // username NULL, // domain L"admin", // password 0, // logon flags NULL, // No application name (use command line) &command[0], // command line 0, // No creation flags. NULL, // Use parent's environment block. NULL, // Use parent's starting directory. &si, // Pointer to STARTUPINFO structure. &pi ) // Pointer to PROCESS_INFORMATION structure. ) This worked fine until Service Pack 2 was installed, now the call fails with 'Access is denied'. However, if i change the service to run as the same 'admin' account used in the Create.. call there is no problem. I'd rather not have to do this. Anyone else had similar problems and know of a better (proper) solution?? Thanks in advance Paul Tag: Disallow change password from some computers Tag: 72821
  - 13
    - How to make my portable drive accessible to my account only on two Windows XP SP2? Hello How to make my portable drive accessible to my account only at my work and home Windows XP SP2 computers? My work Windows XP SP2 computer is in a domain. Tag: Disallow change password from some computers Tag: 72807
  - 14
    - CA autoenroll i am responsible of a network which is described as follows: 4 sites, (1,2,3,4) site (1) is center of replicatin to sites (2,3,4), while it have a high speed wan to site (2), the wan connection to sites (3,4) is some how slow with high latency. which forced me to use smtp site links as replication failed using IP site links, which lead me to install an enterprise CA, i did it before and everything was working ok, this time i face an autoenrollment access denied error which i fear will result in a problem in smtp replication. do i have a work around for this error? & what might be causing it? i know it might seem an Active directory question but it is replication is working ok between site (1,2) and also i got CA issuing cert's for basic EFS, the Root DC, & a Win XP computer, but i don't know why it isnot issuing for the other DC's? help is grealty appeciated as i have two sites (3,4) not replicating to root DC, thanks -- Eng. M William -- Eng. M William Tag: Disallow change password from some computers Tag: 72802
  - 15
    - Wallpaper Changed And Disabled Hi. This is my first time writing in here because I have never had anything this severe happen to me before. To begin I do have and always have had running Microsoft AntiSpyware and AVG AntiVirus. So it suprised me how this problem occured. Here's how it begins. I leave my computer on over night with active internet connection downloading the Battlefield 2 demo :) I wake up next morning to check the game out only to find my wallpaper has been changed to "System Stopped" and some annoying antispyware program that keeps popping up called "SpySherriff" that I never downloaded before in my life. The really mest up part is that when I try to change my wallpaper back to normal going under Display Properties and Desktop everything is all grayed out and I can't change or click anything. I ran virus checks and spyware checks with my programs. But found nothing! If you guys have any help to offer please please please let me know. Thanks. Tag: Disallow change password from some computers Tag: 72797
  - 16
    - How can you send 'malware' over port 443 to mywebserver ? Often I hear people saying that one of the benefits of an application layer firewall (let's say ISA 2004) is that SSL traffic can be unencrypted, scanned and then re-encrypted and sent to the respective webserver. My question is this: What's the mechanism that could allow somebody to send, let's say a virus or a malware over port 443 that could hurt my OWA server, for example ? Since people is retrieving data from such web server (that is now protected by ISA), I don't understand well the process that you could use to submit data over this SSL tunnel and hit the webserver that way. Tag: Disallow change password from some computers Tag: 72793
  - 17
    - Check if specific updates are installed Hello, Does some know some specific tool that can I check if 2 critical updates are installed on my workstations? How can I get this information from my OS? For example: I have to check if the patch MS05-0XX are installed in all my workstations (about 200 computers), I have the hostname of these computers. The idea is create some .bat file that can get each hostname and it do the checkup, it will generate a file that I can be able to import in MS Excel to generate the report. The OS installed on my computers are WIN2K and WINXP. Obs.: I don't have the SMS; MBSA check all patchs, I just want to check if 1 or 2 are installed. Thanks in advanced, -- Filipe Lussana Tag: Disallow change password from some computers Tag: 72792
  - 18
    - On-demand video won't work for me From: Thomas L. Jones, Ph.D., Computer Science The subject of this complaint is an on-demand video located at: http://www.microsoft.com/events/series/securityexperts.mspx#TechNet%20Webcasts You may have to take steps to work around a problem caused by the line break. I must say, it is difficult indeed to "demand" this video. I was already registered for Passport, but soon the software started asking me this, and asking me that. Finally, it asked me for my name, absolutely the last thing a program ever asks in a computer context. I mean, what is my name? Thomas Jones? Thomas L Jones? Thomas L. Jones? Dr. Thomas Jones, etc., etc. Then I was forced to change browsers. If the webcasts are Internet Explorer only, please say so at the top level. And get this: The videos are seemingly that d--- broadband only content, UNLABELED broadband only content. Finally, having tried for more than an hour, I gave up, cussing. Thomas L. Jones, Ph.D., curmudgeon Member, Society for the Abolition of Unlabeled Broadband-only Content DrJones6txnospamyq@alum.MIT.edu Tag: Disallow change password from some computers Tag: 72788
  - 19
    - Cant get rid of W32.Sober.O@mm I have norton anti +++ on my pc. tried the tool provided by Symantec / Norton + Mcafee (stinger). Still i cant get rid of this god damn worm. Can anyone give me a simplified version of what it does. How to get it out of my system. Regards Timmy Tag: Disallow change password from some computers Tag: 72781
  - 20
    - Problems logging out of Passport OK, I have been having repeated inability to log out of hotmail, by clicking "signout." It produces a screen that displays a red "x" next to hotmail meaning it was unable to log out. I have a suspicion that my account may have been co-opted by someone, as my computer has alerted that the certificate is not recognized and i received an email from an acquantaince that suggested I had sent them something I know I hadn't. Any ideas? Thanks. Tag: Disallow change password from some computers Tag: 72779
  - 21
    - mass storage device I have a flash USB 2 memory stick which was working perfectly. It now thinks it is a security device (not a mass storage device) and the computer (or any computer) can't open it - any suggestions what I've done or how I can access the valuable data on the stick Thanks Tag: Disallow change password from some computers Tag: 72770
  - 22
    - Smart Card based Logon & User ID and Password Hello group, Regarding Smart Card based logon, all of the documention I'm reading indicates that in order for this to work, the username field in AD must contain the EID number off of the Smart Card. My question is, is there a way to maintain the username field as an actual name instead of an IED? -- Nestor L. Cabrera Tag: Disallow change password from some computers Tag: 72753
  - 23
    - Firewall and Group Policy Hello: I currently have disabled MS firewall on LAN connections and enabled on Wireless and Dialup not allowing file and print sharing or remote desktop/assistance. For my users it is more important to keep them secure when not on our LAN which has a nice hardware firewall to protect them. I have been toying with the idea of enabling the firewall on XP machines and maybe 2003 servers through Group Policy allowing the exceptions necessary for me to remotely administer the services, update virus software, install patches, etc. My concern is Windows firewall does not allow exception for each individual connection, seems it is a one for all configuration. If you have Group Policy firewall connections will they also be applied when the user is not physically connected to the domain? Even if they sign onto domain using cached credentials? Needless to say it is more important to protect my laptops over unsupervised wireless and dialup connections than on our protected LAN. It would be a nice improvement to MS firewall to allow different exceptions for each connection. Thanks, Cindy Tag: Disallow change password from some computers Tag: 72752
  - 24
    - Do not have permission to view or edit permission settings for a folder Hello I get "You do not have permission to view or edit the current permission settings for (folder name), but you can change auditing settings." I how to regain access to this folder? This happened because I mistakenly removed every account except "CREATOR OWNER" and my account at work "äÍÉÔÒÉÊ ëÏÐÎÉÞÅ× (Kopnichev@clearing.ru)" from my portable HDD Security Properties and changed the owner to "äÍÉÔÒÉÊ ëÏÐÎÉÞÅ× (Kopnichev@clearing.ru)". Please, Help! Tag: Disallow change password from some computers Tag: 72737
  - 25
    - Access is denied to some my folders. How to regain access? Hello I mistakenly removed every account except "CREATOR OWNER" and my account at work "äÍÉÔÒÉÊ ëÏÐÎÉÞÅ× (Kopnichev@clearing.ru)" from my portable HDD Security Properties, and access to some folders on my portable HDD became denied. How to regain the access to all my HDD folders? Thanks. Tag: Disallow change password from some computers Tag: 72733
- Next
  - 1
    - Will I have full control over my portable HDD at home computer? Hello My portable HDD Security Properties contain "CREATOR OWNER" and my account at work "äÍÉÔÒÉÊ ëÏÐÎÉÞÅ× (Kopnichev@clearing.ru)". Will I have full control over my portable HDD at home computer? How to make sure that I will have full control over my portable HDD at home computer? Thanks. Tag: Disallow change password from some computers Tag: 72726
  - 2
    - anti virus I downloaded virus protection software "AntiVir" because my NAV (Norton) did not catch some Trojans and Backdoors (I have current definitions). The "AntiVir" detects all any idea why? Tag: Disallow change password from some computers Tag: 72722
  - 3
    - MS05-25 Security Update Am expieriencing a problem with systems that have loaded this security update. It affects their ability to open document library folders in a web folders view on a sharepoint server. Has anyone else seen this and if so is there a fix? Thanks Kurt Tag: Disallow change password from some computers Tag: 72711
  - 4
    - Certificate Authority type I was brought into an environment without good documentation and am trying to figure out what types of CA's are present. I have 2 servers (both domain controllers). One is a Root Certificate authority, the other is a subordinate. I'm trying to determine if they are enterprise, or standalone. Is there someway I can tell which it is? I can't find it in the MMC. Is there a registry key that would tell me what kind it is? I would assume they are enterprise but the previous admin wasn't very good and left on bad terms so I can't ask and can't afford to assume. Tag: Disallow change password from some computers Tag: 72709
  - 5
    - Using delegation to grant dc event log access Does anyone know if there are delegation options available that would allow you to give a group Read access to domain controller event logs? Either a single dc or all of them in a domain. Tag: Disallow change password from some computers Tag: 72702
  - 6
    - Service Account Certficates Hello Everyone, I have issued a certificate to a Service Account's certificate store. Does anyone know how to turn on certificate authentication for service accounts? Is it a registry change or local security setting or something else? thanks, Terence Tag: Disallow change password from some computers Tag: 72701
  - 7
    - what type of certificate authority? I was brought into an environment without good documentation and am trying to figure out what types of CA's are present. I have 2 servers (both domain controllers). One is a Root Certificate authority, the other is a subordinate. I'm trying to determine if they are enterprise, or standalone. Is there someway I can tell which it is? I can't find it in the MMC. Is there a registry key that would tell me what kind it is? I would assume they are enterprise but the previous admin wasn't very good and left on bad terms so I can't ask and can't afford to assume. Tag: Disallow change password from some computers Tag: 72700
  - 8
    - webserver + file&print sharing enabled In my organization we have a Win2003+IIS6.0 server with a website available on the Internet. Such webserver resides in the internal network. File & Print Sharing for MS Networks is enabled on this box. We have internal users that access this server via UNC path and update the website there by dumping content to the \\myserver\share-iis. Question is this, if I use a reverse proxy (ISA 2004) to publish such website that resides on this Win2003 server, do you consider it is alright leaving this box as is ? I mean, leave it with access via NetBIOS (F&P sharing) enabled so that people can use from the internal network ? Or it would be considerably more secure work setting up a staging server and leave this box only as a webserver ? Then put a tool on the Webserver that could upload content from the 'staging' server ? The point is here is this, do you think the fact I am publishing this via ISA 2004 (or any similar product) makes this secure enough to keep File & Print sharing turned on ? Tag: Disallow change password from some computers Tag: 72699
  - 9
    - Automatically updated? I have XPHome, SP3. I have my PC set to automatically download and install updates. The only problem I have with this is that I don't know how to tell if all updates have in fact been installed. I'm assuming that the automatic updates also include the update put out monthly. How do I find out if all everything is in fact up to date? Thanks for any advice. Tag: Disallow change password from some computers Tag: 72697
  - 10
    - File Permission Issue I'm having an interesting issue with file/folder permissions. I create a folder on a share drive and populate it with files. When I go back to the security tab, it tells me that I only have permission to view the security of the files even though Everyone/Full control is the permission setting and I am the owner of the folder. Any thoughts? Thanks Dan Tag: Disallow change password from some computers Tag: 72694
  - 11
    - Protecting CD copy Hi to all. Does anyone know a good procedure to protect cdÂ´s against ilegal copy? Tag: Disallow change password from some computers Tag: 72689
  - 12
    - "Reverse" proxy available. Any need to put web servers in DMZ ? This is the discussion here: I have ISA 2004 setup as a workgroup in the DMZ successfully publishing my OWA 2003. I have a web server (win2003, IIS6.0) that pulls data from a SQL 2000 db. Such web server is currently in the "internal" network. Web server requires no authentication. In my view it makes more sense keep such web server as is in the internal network and publish it via "ISA" to take advantages of HTTP filters and other things ISA offers. Instead, do you see any advantage security wise of moving such webserver to the DMZ instead ? That will require a whole in the firewall to allow traffic to the SQL db which resides in the internal network. If you can help, advise on pros and cons of placing such web server in the DMZ instead of keeping ISA->Web server(Internal). Tag: Disallow change password from some computers Tag: 72688
  - 13
    - Automatically updated? I am running XP2 (Home) with SP2. I have my automatic updates set to download and update automatically. Is this something I should do, or should I have it set to download then notify me to update? The only problem I have with setting it as fully automated is that I don't know how to tell if all the latest updates have in fact been installed, such as the monthly updates. Can someone advise? Thanks! Tag: Disallow change password from some computers Tag: 72687
  - 14
    - windows media player 9 when I play music with windows media player 9 (I prefer this edition) after about 10 seconds the slider bar on the bottom and the visualizations freeze for about 10 seconds then carry on, sometimes it happens again during the rest of play. I have done a factory refresh, no different also reinstalled W,M,P still no different, is there something wrong with W,M,P or the hardware? Tag: Disallow change password from some computers Tag: 72685
  - 15
    - New MSSecure.XML Version 2005.06.15.0 Now Available MSSECURE.XML Data Version 2005.06.15.0 (for use by MBSA 1.2 and SMS SUS Feature Pack) was last modified yesterday, June 15, 2005, and is now available for all supported languages (English, French, German and Japanese). Today's release contains NO NEW BULLETINS - but fixes the following data error: MSXML 3.0 incorrectly reporting SP7 as the latest service pack. MSXML 3.0 SP5 is the latest publicly available MSXML 3.0 service pack, although SP7 can be installed on Windows 2000 platforms when SQL Server 2000 SP4 is installed, and can be found on Windows Server 2003 machines. MSXML 3.0 SP7 is not available as a separate download at this time. -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for support on the Microsoft Baseline Security Analyzer (MBSA). Information is available at the following link: http://support.microsoft.com/default.aspx This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: Disallow change password from some computers Tag: 72682
  - 16
    - Dicussion on where RADIUS server should be All network diagrams I've seen so far indicates that a RADIUS server (Windows IAS, ACS, or whatever) should be placed in the 'internal' network and establish communications with DC's there. Then if an external user attempts to connect via VPN (DMZ), then I would allow only the ports necessary from the VPN concentrator to the RADIUS server and pre-authenticate users at that point. I have a security guy fellow here that tells me that the RADIUS server should be placed in the "DMZ" instead. Does this make sense at all ? Tag: Disallow change password from some computers Tag: 72681
  - 17
    - Win32 security limitations: why? Hi, Trying to spawn a process from an impersonated client from within IIS-ASP I came across some (in my opinion) weird behaviour. 1) CreateProcess and ShellExecute both create the new process using the current process-token, yielding in a process running under the IWAM_xxx account. This happens even if the client was an anonymous user! I just don't understand this behaviour. Other operating systems I know will spawn the process from the *current* security context, so under the imporsonated client. Doing it on the MS-way enables anonymous users to create process with a higher security level. Thats a major security risk! Or not? Can someone put some light on it, or point me to more detailed information about why MS implemented security the way thay did? 2) Its even impossible with CreateProcessAsUser() to create the process under the imporsonated account because the SeAssignPrimaryTokenPrivilege must be held (and by default nobody does...) 3) I also needed to load the user hive, so I tried LoadUserProfile(). Also this API needed a privilege: the SeRestorePrivilege. Since the imporsonated user is a "normal" user, it didn't held this privilege, so the account couldn't load its own profile! Why is that? I understand that loading another user's profile is a security risk, but loading your own profile is definitly not. I would like to understand more about the why's. Please help. Thanks a lot. Peter Tag: Disallow change password from some computers Tag: 72675
  - 18
    - Data decryption EFS Well World here's my problem: I have some very important encrypted data (EFS) that I need to decrypt from my previous system (WinXP Pro). I also have the following files from previous system: C:\Documents and Settings\dorde\Application Data\Microsoft\Crypto\RSA\* ...\SystemCertificates\My\Certificates\* ...\SystemCertificates\My\Keys\* but I don't have, so called, "Master Key". I know all passwords from previous system. So, is there anything I can do? Please, Thanks Tag: Disallow change password from some computers Tag: 72674
  - 19
    - Visited site history When I click on the address line and type www. and then a letter, several addresses show up that I have not visited. They do not appear in the history when I click on the down arrow. Where are these sites coming from? Are they attached to another site I'm visiting? Or is someone else in my house trying to go to sites they don't want me to know about? Thanks for the help! Tag: Disallow change password from some computers Tag: 72670
  - 20
    - A virus, or not? I routinely ran spybot and ad-aware, in addition to my AVG virus checker and the on-line virus check with Trend Micro and RAV. None of them detected any malware. Then I installed the MS Antispyware program. It immediately found a Trojan: iteye, located in c:/windows\system32\notpad.exe . It is shown as a high threat level. Why do all these other programs not detect something as obvious as notpad.exe?? -- Walter www.rationality.net - Tag: Disallow change password from some computers Tag: 72665
  - 21
    - Determine whether an admin is viewing other users mailboxes? Hi all, I am posting this up to the security and exchange groups. Is there a way to determine whether an indivudual who has permissions to open other users mailboxes is actually doing so? For example can you view the outlook profile of the individual in question? or an event log entry? We have a possible abuse of privilege situation but are unsure as to whether this type of behavior can be verified. Any advice is appreciated. Thanks. Tag: Disallow change password from some computers Tag: 72658
  - 22
    - File Permissions are not inheriting On an SBS2003 server I have the company folder set to allow Users, Administators, System , and Owner Full control over files and directories. These permissions are set to inherit and propogate to child objects. The problem happens when a user creates a new folder from their workstation via a network share. The permissions on this new folder do not inherit chosing to give the user, and administrator control. If I go to the company folder and re-apply the "replace permissions entrons on all child objects" things are reset until the user creates another object. be it file or folder) I don't understand what is going on here as this is not a problem on any of the other servers I manage. Tag: Disallow change password from some computers Tag: 72653
  - 23
    - Security Log We are trying to log account management and some account logons through the default domain controller gp, but we are unable to get anything to show up in our security log on the pdc, even if we reset the password directly on the server. We have got this to work very easily on our test dc but have no idea why we don't get notifications on our prod dc. Any suggestions? Tag: Disallow change password from some computers Tag: 72652
  - 24
    - Auditing Whom delete an file or folder. Hi, It is possible and how to set Audit so I can log which user at which workstation delete an file or folder? Thank, S. Tag: Disallow change password from some computers Tag: 72647
  - 25
    - WInXP SP3 Why not release a SP3 for WinXP that incluldes all the latest updates? Tag: Disallow change password from some computers Tag: 72646

Is there a way to disallow password changes from certain machines without
completely removing a users ability to change their own password? Even just
hiding/disabling the "Change Password" button on the Windows Security screen
(CTRL-ALT-DEL) would probably suffice.

Here's where I'm coming from: we have a large number of users in satellite
offices and working out of their homes. They all have laptops that they use
for 75% of their work but they're still regularly required to access our
Terminal Servers for various reasons. We force users to change password
regularly. Every now and then though one of the remote users will change the
password VIA the terminal server - which updates it on the corporate LAN but
leaves their laptop out of synch. Invariably they then end up locking
themselves out.

Top

Re: Disallow change password from some computers by S

S
Wed Jun 22 06:56:29 CDT 2005

Nope that isn't possible - I'd consider replacing passwords with smart cards
to avoid the need to change passwords

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Josh Muehe" <JoshMuehe@discussions.microsoft.com> wrote in message
news:E903D78C-63A1-4F17-8109-052620FE8399@microsoft.com...
> Is there a way to disallow password changes from certain machines without
> completely removing a users ability to change their own password? Even
just
> hiding/disabling the "Change Password" button on the Windows Security
screen
> (CTRL-ALT-DEL) would probably suffice.
>
> Here's where I'm coming from: we have a large number of users in satellite
> offices and working out of their homes. They all have laptops that they
use
> for 75% of their work but they're still regularly required to access our
> Terminal Servers for various reasons. We force users to change password
> regularly. Every now and then though one of the remote users will change
the
> password VIA the terminal server - which updates it on the corporate LAN
but
> leaves their laptop out of synch. Invariably they then end up locking
> themselves out.

Top