MaximumPasswordAge DisablePasswordChange On Client Computers

by [Published on 27 Jan. 2010 / Last Updated on 31 May 2009]

This article explains how a domain client computer changes its password with the domain controller.

By default, a computer must update its Computer Password with domain controller within the 30 days specified in the registry. This is required to establish the secure channel between the client computer and the domain. If a computer is not able to update its password in the domain within the 30 days then the computer cannot participate in the domain or access the resources.

You need to check the following registry entries to make sure computer is able to sync its password with the domain:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon

MaximumPasswordAge

Default value for this entry is 30 days. A computer must update its computer password with its authenticator (domain controller) within the specified days. If this entry is 0 then password is never updated.

DisablePasswordChange

The default value of this entry is 0(disabled). If this is 1 then domain computer can't update its password automatically. You must manually update computer account's password.

 

The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal is a MCSEx3, MCITP and was awarded Microsoft MVP award in Directory Services and Windows Networking. He is specialized in Directory Services, Microsoft Clustering, Hyper-V, SQL and Exchange and has been involved in Microsoft Technologies since 1994.

Latest Contributions

Featured Links