Hi Timothy, That's great thanks. Very clear and not muddy waters at all! I'll go back to my Net Admin and find out what permissions he's given me. The scary thing is I see I can give myself full domain perms, but there's no way I'd ever do it! Barry. -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Timothy Spaulding Sent: 12 February 2013 14:10 To: Blind sysadmins list Subject: Re: [Blind-sysadmins] ActiveDirectory Permissionsto unlock/reset/prompt user Hi, You guys are going at it from 2 different angles--and you both are right in your line of thinking. Barry, you are wanting the system to force the user to change their password after it has been reset by an admin. This is a checkbox configured on the Accounts tab of the property pages for that user. Once checked, what you want will always happen. Stephen is right that the force user to change password is not an option on the reset dialog that appears after right clicking on the user and selecting reset password. There are no specific permissions for this. If the account has the ability to manage the user, they can reset the password and affect the check box to force the user to change the password once reset. Hopefully, I didn't muddy the waters any more. -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Barry Toner Sent: Tuesday, February 12, 2013 8:49 AM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] ActiveDirectory Permissionsto unlock/reset/prompt user I have yup. All that's there is what I said. Baring in mind I didn't' configure this AD nor set the permission on the technicians account, which happens to be mine. Thanks, Barry. -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Stephen Guerra Sent: 12 February 2013 13:37 To: 'Blind sysadmins list' Subject: Re: [Blind-sysadmins]ActiveDirectory Permissionsto unlock/reset/prompt user Have you tabbed through the entire dialogue box until you reach Ok? I have the box to have the user reset the password right near where account expires. Stephen Guerra Assistive Technology Specialist and Technical Operations independent living aids, LLC | SOUNDBYTES 200 Robbins Lane Jericho, New York 11753-2341 Phone: 800.537.2118 Direct: 516.450.3817 Fax: 516.450.3842 E-mail: stephen@independentliving.com Check out our 2013 New E-Catalog Web sites: www.independentliving.com www.soundbytes.com 13581ff6-edb8-4fe2-9d8d-9677a6e429d3 Y2:13581ff6-edb8-4fe2-9d8d-9677a6e429d3 -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Barry Toner Sent: Tuesday, February 12, 2013 7:33 AM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] ActiveDirectory Permissionsto unlock/reset/prompt user Reset password is under the account tab? No here it's not. The only thing I see in AD's Account tab for any user is, User logon name, User logon name (pre-Windows 2000):, Logon Hours..., Log On To... And if their account is locked the unlock account checkbox becomes enabled. Reset password is appearing in the appsKey/Right click on the user account. Barry. -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Stephen Guerra Sent: 12 February 2013 13:26 To: 'Blind sysadmins list' Subject: Re: [Blind-sysadmins] ActiveDirectory Permissionsto unlock/reset/prompt user It would not e their nor has it ever been their. Pressenter on the user and control+tab to the account tab to see it their Stephen Guerra Assistive Technology Specialist and Technical Operations independent living aids, LLC | SOUNDBYTES 200 Robbins Lane Jericho, New York 11753-2341 Phone: 800.537.2118 Direct: 516.450.3817 Fax: 516.450.3842 E-mail: stephen@independentliving.com Check out our 2013 New E-Catalog Web sites: www.independentliving.com www.soundbytes.com 13581ff6-edb8-4fe2-9d8d-9677a6e429d3 Y2:13581ff6-edb8-4fe2-9d8d-9677a6e429d3 -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Barry Toner Sent: Tuesday, February 12, 2013 7:24 AM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Active Directory Permissionsto unlock/reset/prompt user Eh? No, when hitting apps key on the user account and select Reset Password, on the dialog box that comes up there's no tick box to prompt the user to change their password. Thanks, Barry. -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Stephen Guerra Sent: 12 February 2013 13:21 To: 'Blind sysadmins list' Subject: Re: [Blind-sysadmins] Active Directory Permissionsto unlock/reset/prompt user Are you poressing enter on the end user opening the properties of the user and under the account Tab the check box is not available? Stephen Guerra Assistive Technology Specialist and Technical Operations independent living aids, LLC | SOUNDBYTES 200 Robbins Lane Jericho, New York 11753-2341 Phone: 800.537.2118 Direct: 516.450.3817 Fax: 516.450.3842 E-mail: stephen@independentliving.com Check out our 2013 New E-Catalog Web sites: www.independentliving.com www.soundbytes.com 13581ff6-edb8-4fe2-9d8d-9677a6e429d3 Y2:13581ff6-edb8-4fe2-9d8d-9677a6e429d3 -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Barry Toner Sent: Tuesday, February 12, 2013 7:09 AM To: blind-sysadmins@lists.hodgsonfamily.org Subject: [Blind-sysadmins] Active Directory Permissions to unlock/reset/prompt user Hi folks, We're seeing an issue here with a 2K3 Server whereby permissions that have been granted are allowing a tech to unlock/reset a password. However, in AD they don't have the option to prompt the end-user to change their password when the type in the reset password. Any ideas what permission needs to be altered? Thanks, Barry. Barry Toner ICT Assistant ICT Department Clanmil Housing Northern Whig House 3 Waring Street Belfast BT1 2DX Tel: 02890 876000 Fax: 02890 876001 _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins