Knowledge Base

Changing a User's Password to One Already in Use

PSS ID Number: 102529

Article Last Modified on 10/29/2003

The information in this article applies to:

Microsoft Windows NT Server 3.1
Microsoft Windows NT Workstation 3.1

This article was previously published under Q102529

SYMPTOMS

You can change a user's password to one that is already used. (See "Steps to Reproduce Behavior," below.)

CAUSE

The Password Uniqueness feature allows administrators to force users to change passwords regularly and not to use the same password over and over. It is up to the administrator to decide how to use Password Uniqueness and when to override it and reset a user's password.

A user's password history is not remembered when Password Uniqueness is set. By design, password history does not apply when an administrator is setting a user's password--only when users are changing their own passwords.

(Under LAN Manager 2.x, you can do the same thing by changing the Password Uniqueness setting to zero, resetting the user's password, then returning Password Uniqueness to its previous value.)

STATUS

This behavior is by design.

MORE INFORMATION

Steps to Reproduce Behavior

Start the Windows NT User Manager.
In the Policies dialog box, choose Account.
Set the Password Uniqueness value to a number such as 2.
Close the dialog box.
From the User menu, choose New User.
In the Username box, type a username (for example, User1).
Give User1 a password (for instance, Pass1). Close the dialog box.
In the main user list, double-click User1. In the Password and Confirm Password boxes, enter the same password you used in step 7.
Close the dialog box.

Note that you changed the user's password to one that was already used.

NOTE: This behavior occurs in the Windows NT Advanced Server User Manager as well.

Additional query words: prodnt

Keywords: kbother KB102529
Technology: kbWinNT310Search kbWinNTS310 kbWinNTS310search kbWinNTsearch kbWinNTSsearch kbWinNTW310 kbWinNTW310Search kbWinNTWsearch