After a trust is established using a defined password it is changed automatically every seven days. If this password change is missed two cycles
running then the trust is broken. This also applies to machines in a domain who have a secure channel with the domain controller and change their passwords
every 7 days on NT 4.0 and for Windows 2000 every 30 days.
To disable the trust password changes perform the following change on the
domain controllers/workstations:
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Double click on DisablePasswordChange
Set to 1
Click OK
Close the registry editor
Another option to stop the computer account password changes is to refuse the
change at the domain controller:
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
From the Edit menu select New - DWORD value
Enter a name of RefusePasswordChange
Double click on the new value and set to 1
Click OK
Close the registry editor
|
|
|
|
|
|
|
|