Microsoft KB Archive/242795

= Granting Change Password Permissions to the Everyone Group =

Article ID: 242795

Article Last Modified on 3/2/2007

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT 4.0 Service Pack 1
 * Microsoft Windows NT 4.0 Service Pack 2
 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6

-



This article was previously published under Q242795



SUMMARY
When you grant the Change Password right to the Everyone group, all users and computer accounts, including domain controllers and anonymous users, are able to change passwords for computer and user accounts. To maintain security, users can only change the password if they know the current password.



MORE INFORMATION
To view the permissions on a user object, follow these steps:


 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
 * 2) Click View, and then click Advanced Features.
 * 3) Click the Users Organizational Unit (OU), double-click a user, and then click the Security tab.
 * 4) Click the Everyone group to see the permissions assigned to the group.

NOTE: Change Password is the only check box selected by default.
 * 1) Click Cancel when you have the information you need.

The Everyone group has Change Password permissions on all computer and user objects so that unauthenticated or "anonymous" users or computers are able to change their passwords when they expire without having to be authenticated first. If the anonymous user is denied the ability to change passwords, the user would be unable to change the password without logging on. The Access Control List (ACL) editor can be used to revoke this permission, but use this editor with caution.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

258788 Cannot Change Password in Windows Without Logging on to Domain

Keywords: kbinfo kbenv KB242795

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.