You can configure your domain via a group policy so that users can change their passwords only when the system prompts them:
Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (Start, Programs, Administrative Tools, Active Directory Users and Computers).
Right-click the container (site/domain or organizational unit�OU) you want to enforce the policy on, and select Properties.
Select the Group Policy tab.
Select the policy and click Edit.
Expand User Configuration, Administrative Templates, System, Logon/Logoff.
Double-click Disable Change Password, and on the Policy tab, select Enabled.
Click Apply, then OK.
Close all dialog boxes.
Refresh the policy with the following command:
C:\> secedit /refreshpolicy user_policy
You can also configure this feature on a per-user basis. Perform the following steps:
Start regedit.exe.
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies.
If the System key exists, select it. Otherwise create it (Edit, New, Key, System).
Under System, create a new value of type DWORD (Edit, New, DWORD value).
Type a name of DisableChangePassword, and press Enter.
Double-click the new value, and set it to 1. Click OK.
Close regedit.
You don't need to log off; the change takes effect immediately.
|
|
|
|
|
|
|
|