| 9/19/2007
-- When a trust relationship is created between domains, a password is used to
create the trust. This password is periodically changed on both sides for security
reasons.
Similarly, when workstations join a domain, they establish a secure channel
with the domain controller. Both sides use a password to create this channel
and then automatically change this password every seven days on NT workstations
and every 30 days on Windows 2000 and Windows XP workstations.
The passwords can sometimes get out of synch under certain situations, such
as when workstations get turned off for an extended period of time.
If you want to disable password change, you'll need to modify the registry.
Here's the procedure:
- Start the registry editor, regedit.exe.
- Go to HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
- In the right-hand pane, double-click DisablePasswordChange and set the
Value data to decimal 1.
If you would like to change the maximum password age (default is 30 days on
Win2K and WinXP), you can modify the parameter MaximumPasswordAge in the same
registry location as described above in Step 2. This value exists by default
on Win2K and WinXP clients. On NT4 clients, it only exists if you are using
SP4 or later.
If the value doesn't exist, you can add a new DWORD value called MaximumPasswordAge
and then set it to 1. The valid range for this value is between 1 and 1,000,000. |
