What is the colleague on the United States today, the user does not have to modify the password of the domain user. After the situation in half a day, I thought of the GPO (Group Policy), to Microsoft, found a KB, can implement how the group policy is prohibited from using Group Policy, and cancel the counter. The specific method is mainly as follows:
I. How to configure the site, domain or organizational unit to change the password to change the system prompt
1. Start the "Active Directory User and Computer" management unit by using the Microsoft Management Console (MMC). Operation method: Click Start, click Run, type the MMC, and then click OK. On the File menu, click Add / Remove Syndr. Add, Active Directory Users, and Computers, Add, Off, and then click OK. Now, the management unit should be seen in the left pane of the console. 2. Expand the management unit, then right-click the domain or organizational unit you want to change the new password to change the policy, and then click Properties. 3. Click Group Policy tab, click Group Policy Objects (GPO) you want to use, and then click Edit. If there is a policy in the window, click New to create a new policy you can choose to choose the name, and then click Edit. 4. Expand this policy and expand the User Configuration node. Expand the Administrative Template node and expand the System node. 5. Click the login / logout node. 6. Right-click to change the password policy and click Properties. 7. On the Policy tab, click Enable option, then click OK. 8. Close the Group Policy window and exit the "Active Directory User and Computer" console. 9. At the command prompt, type secedit / refreshpolicy user_policy / enforce, then press ENTER to update the policy.
Note: By default, policies applied to the user or computer at the domain level will be applied to all users and / or all computers in the domain. By default, policies applied to organizational units will be applied to all user accounts and / or computer accounts that reside in the organizational unit and any subtiren unit that may exist. The user account must be transferred to the organizational unit or to create the policy. If it is just to add a user to the organizational unit, it may be a security group of its member, and the user will not be applied to the user.
II. How to disable the "Change Password" button for one or more specific users
The following steps must be performed on the user's computer:
1. On the Command Prompt, type regedit, then press Enter. 2. View the registry key below:
HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion / Policies
3. Click the System item (if it exists). If this item does not exist, click New in the Edit menu, then click Options to create a new folder value called "New Key # 1". The New Key # 1 value is renamed to System. 4. Click the System item. On the Edit menu, point to New, and then click DWORD Value. Name the new key # 1 to disableChangePassword, press Enter, and press Enter again. 5. Change the value from 0 to 1.6. Exit the Registry Editor. Press CTRL Alt Delete key to see that you cannot use the change password button now.
P.S: Microsoft KB: a. How to prevent users from changing the password in a non-necessary case http://support.microsoft.com/default.aspx?scid=kb;zh-en;309799
