VID: 27022
Severity: 20
Port: 139
Protocol: TCP
Class: SMB

Detailed Description:
The user cannot change their password. This setting is not recommended unless this is a service account, as it leads to less frequent password changes.

* References:
http://www.iss.net/security_center/static/1307.php
http://all.net/journal/netsec/9709.html
http://cgi.nessus.org/plugins/dump.php3?id=10898

* Platforms Affected:
Microsoft Windows (any version)

Recommendation:
To enable a user to change their own password, follow the steps below, appropriate for your platform.

In Windows NT:
1. Open User Manager. (From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.)
2. Select the user from the list.
3. From the User menu, select Properties to display the User Properties dialog box.
4. Clear the User Cannot Change Password check box.
5. Click OK.

For a Windows 2000 domain:
1. Start Active Directory Users and Computers Management Console (dsa.msc).
2. Locate the user of interest in the domain; the default folder to look in is Users.
3. Open the Properties page for the user of interest.
4. Select the Account Tab.
5. Ensure the "User cannot change password" option under Account Options is not checked.

For stand-alone Windows 2000 machines:
1. On the computer of interest, start Local Users and Groups Management Console (lusrmgr.msc).
2. Open the Users folder.
3. Select the User of interest.
4. Open the Properties page for the user.
5. Select the General Tab.
6. Ensure the "User cannot change password" option is not checked.

For Windows XP, 2003, Vista, 7, 2008, 8, 2012, 10, 2016, 2019:
1. From the Start menu, select Run, and then execute lusrmgr.msc.
2. Open [Local Users and Groups] -> [Users] folder and select the User.
3. Select the 'Properties' menu for the user.
4. Select the 'General' Tab.
5. Ensure the "User cannot change password" option is not checked.
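
The local-account check described in the lusrmgr.msc steps above can also be done from PowerShell. This is an added example, not part of the original advisory; it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, covers local accounts only (not domain accounts), and `svc-example` is a placeholder for service accounts that are allowed to keep the setting.

```powershell
# Added example: audit (and optionally clear) "User cannot change password"
# on local accounts. Changing the flag requires an elevated session.

function Get-PasswordLockedLocalUser {
    [CmdletBinding()]
    param(
        # Assumption: accounts named here are service accounts that may keep
        # the flag. The default value is a placeholder, not a real account.
        [string[]]$ServiceAccount = @('svc-example')
    )
    # UserMayChangePassword is $false when the check box is ticked.
    Get-LocalUser |
        Where-Object { -not $_.UserMayChangePassword } |
        Select-Object Name, Enabled, PasswordLastSet,
            @{ Name = 'Exempt'; Expression = { $ServiceAccount -contains $_.Name } }
}

function Repair-PasswordLockedLocalUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$ServiceAccount = @('svc-example')
    )
    foreach ($user in Get-PasswordLockedLocalUser -ServiceAccount $ServiceAccount) {
        if ($user.Exempt) {
            Write-Verbose "Skipping exempt account $($user.Name)"
            continue
        }
        # ShouldProcess honours -WhatIf and -Confirm before any change is made.
        if ($PSCmdlet.ShouldProcess($user.Name, 'Allow user to change password')) {
            Set-LocalUser -Name $user.Name -UserMayChangePassword $true
        }
    }
}

# Report the affected accounts, then preview the change without applying it.
Get-PasswordLockedLocalUser | Format-Table -AutoSize
Repair-PasswordLockedLocalUser -WhatIf
```

Run `Repair-PasswordLockedLocalUser` without `-WhatIf` to apply the change once the report has been reviewed.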