Can Change Expired Password Without Authorization When Using IAS or RRAS in Windows 2000 (292053)
The information in this article applies to:
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
This article was previously published under Q292053 SYMPTOMS
When you use the Internet Authentication Service (IAS) or the Routing and Remote Access Service (RRAS), user authentication precedes authorization. If you change a password, the change is made even if you did not receive authorization.
The dial-up permissions should be set before the server permits you to change an expired password.
CAUSE
This behavior can occur because the function of changing a password is treated as an authentication type and is not moved after the authorization stage.
RESOLUTIONTo resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name
-------------------------------------------------------------------
5/31/2001 03:31p 5.0.2195.3656 97,040 Iasrad.dll
5/31/2001 03:31p 5.0.2195.3656 97,552 Iassam.dll
5/31/2001 03:31p 5.0.2195.3656 269,584 Iassdo.dll
5/31/2001 03:31p 5.0.2195.3656 20,240 Iasuserr.dll
6/29/2001 02:30p 5.0.2195.3662 144,144 Rasuser.dll
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.
| Modification Type: | Minor | Last Reviewed: | 9/26/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbbug kbfix kbnetwork kbWin2000PreSP3Fix kbWin2000sp3fix KB292053 |
|---|
|