MaximumPasswordAge DisablePasswordChange On Client Computers

By /

By default, a computer must update its Computer Password with domain controller within the 30 days specified in the registry. This is required to establish the secure channel between the client computer and the domain. If a computer is not able to update its password in the domain within the 30 days then the computer cannot participate in the domain or access the resources.

You need to check the following registry entries to make sure computer is able to sync its password with the domain:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon

MaximumPasswordAge

Default value for this entry is 30 days. A computer must update its computer password with its authenticator (domain controller) within the specified days. If this entry is 0 then password is never updated.

DisablePasswordChange

The default value of this entry is 0(disabled). If this is 1 then domain computer can't update its password automatically. You must manually update computer account's password.

 

About The Author

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top