Friday, November 9, 2007

User Must Change Password at Next Logon

Bulletin: 110907-2

Software Affected:
ServerMigrator, Resemble, PasswordCopy, Domainreconfigure

Issue:
After performing a member server migration, the passwords were copied successfully but it appears that the accounts are being prompted to change the password at next logon. Is there a setting we can change so users are not prompted to change their passwords?

Solution:
In Windows Server 2000 and 2003, if a password is set using the Winzero PasswordCopy method, the system automatically sets the "User must change password at next logon" attribute, so users are forced to change the password at next logon.

Winzero PasswordCopy functionality has an extended process to unselect the "User must change password at next logon" feature. However, server policies or domain policies may override this process.

We have included a utility in ServerMigrator to report and manage password properties, which can unselect the "User must change password at next logon" property for one or more accounts.

A second method, and the preferred solution, is to use a registry value to control this.

Key: HKEY_LOCAL_MACHINE
Path: \System\CurrentControlSet\Control\Lsa
Value name: SamRestrictOwfPasswordChange
Data type: REG_DWORD
Value: 0

If this registry value does not exist, create it with a value of 0 (zero). If it already exists, change its value to 0.
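
The registry change above as a command-prompt script, added here as an example (it is not part of Winzero's tooling). It assumes reg.exe is available on the server and that it is run from an administrative prompt; it prints the existing setting before writing so the previous state is on record and can be restored.

```batch
@echo off
setlocal
rem Key path and value name are taken from the bulletin above.
set "KEY=HKLM\System\CurrentControlSet\Control\Lsa"
set "NAME=SamRestrictOwfPasswordChange"

rem Show the current state first so the change can be reverted later.
reg query "%KEY%" /v %NAME% >nul 2>&1
if errorlevel 1 (
    echo %NAME% is not present; it will be created.
) else (
    echo Current setting before the change:
    reg query "%KEY%" /v %NAME%
)

rem Create or overwrite the value as REG_DWORD 0.
reg add "%KEY%" /v %NAME% /t REG_DWORD /d 0 /f
if errorlevel 1 (
    echo Failed to write %NAME%. Check that the prompt has administrative rights.
    exit /b 1
)

rem Read the value back to confirm the write took effect.
echo Setting after the change:
reg query "%KEY%" /v %NAME%
endlocal
```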
