Machine Account Password Changes

  • Section(s): Password
  • Published on Apr 20, 2004.
  • Last Modified on Apr 20, 2004.
  • Last Modified by Wayne Maples.
Machine account passwords are changed automatically every seven days. Do not disable this behavior if security is important in your organization. By disabling machine account password changes you give up some security, because the secure channel established with this password is used for pass-through authentication. Apply the following change to each BDC and then to the PDC (the order is critical). This change refuses password change requests from Windows NT Workstations (or Windows NT Member Servers) running Windows NT version 4.0 or later.

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\Netlogon
Name: RefusePasswordChange
Type: REG_DWORD
Value: 1
After the workstation's first attempt to change the password, setting RefusePasswordChange prevents it from making further attempts (by returning a distinct status code), but the workstation will try again in one week. Setting RefusePasswordChange stops the replication traffic, but not the client traffic. Setting DisablePasswordChange to 1 on all client computers stops both client and replication traffic.

Hacking Exposed - Second Edition
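To check whether a machine has had these settings applied, the following audit reads both values and flags any that are set to 1. It is an added example, not part of the original article. The function name `Get-NetlogonPasswordSetting` is hypothetical, and the script assumes the values may sit either in the key named above or in its `Parameters` subkey, which is where Microsoft's Netlogon documentation places them.

```powershell
# Added example: report RefusePasswordChange / DisablePasswordChange on the local machine.
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon'

# Assumption: check the key given in the article and the Parameters subkey
# documented by Microsoft for Netlogon settings.
$paths = @($netlogon, "$netlogon\Parameters")
$names = @('RefusePasswordChange', 'DisablePasswordChange')

function Get-NetlogonPasswordSetting {
    param(
        [string[]]$Path,
        [string[]]$Name
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $props = Get-ItemProperty -LiteralPath $p
        foreach ($n in $Name) {
            # A value that is absent behaves as 0 (password changes allowed).
            $present = $false
            $value = 0
            if ($props -and ($props.PSObject.Properties.Name -contains $n)) {
                $present = $true
                $value = [int]$props.$n
            }
            $finding = 'default (changes allowed)'
            if ($value -eq 1) { $finding = 'machine account password changes blocked' }
            [pscustomobject]@{
                Path    = $p
                Name    = $n
                Present = $present
                Value   = $value
                Finding = $finding
            }
        }
    }
}

$results = @(Get-NetlogonPasswordSetting -Path $paths -Name $names)
$results | Format-Table -AutoSize

# Surface any setting that weakens the seven-day rotation described above.
$flagged = @($results | Where-Object { $_.Value -eq 1 })
if ($flagged.Count -gt 0) {
    Write-Warning "$($flagged.Count) Netlogon value(s) disable or refuse machine account password changes."
}
```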
