User forced to change password on 1st login

Similar Messages

• Force change password on next login

  Hi,
  i use access manager 7.1 patch 1 and directory server 5.2 patch 4 and want force the user to change his password on the next login.
  I try to check manually the option "Force change password on next login" of one user by Access Manager GUI but don't work.
  The LDAP attribute "iplanet-am-user-password-reset-force-reset" is TRUE but when i try to login Access Manager don't force me to change password.
  anybody can help me?
  regards
  Alberto.

  Anyone never had this problem?

• Create a user through the API and "Prompt user to change password after next login".

  Using the Adobe Connect Interface, I can create a user and check the checkbox to "Prompt user to change password after next login".
  Can I achieve the same result using the API? The principal-update action doesn't offer such an option and, as far as I can tell, there isn't another action to do so either.
  Thank you.

  You can achieve it as part of your application functionality, but not as a configuration option on WLS.

• Restrict users from changing password on first login?

  Hi,
  I am doing mass user upload into UME using script import. How should I use the below functionality to restrict the users from changing password on first login?
  IUserAccount uacc =UMFactory.getUserAccountFactory().newUserAccount(uid,newUser.getUniqueID());
  uacc.setPassword("saras");
  uacc.setPasswordChangeRequired(false);
  How to implement above functionality with mass upload from script import?
  Thanks
  Srinivas
  Edited by: srinivas M on Jan 20, 2009 9:05 PM

  hi srinivas,
  try this api
  http://help.sap.com/javadocs/NW04S/current/se/com/sap/security/api/IUserAccount.html#isPasswordChangeRequired()
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
  this document able to retrive the password.. same positon u can disable the field
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10649c90-24af-2b10-1086-ea0667ec3655
  thanks

• Com.sap.db.jdbc.exceptions.JDBCDriverException:user is forced to change password

  Hi all
  I am trying to connect hana using jdbc code
  here is my code
            Class.forName("com.sap.db.jdbc.Driver");
              String url = "jdbc:sap://host:30015/?";
              String user = "Mujadid";
              String password = "Cloud123";
              System.out.println("try to connect to HANA !");
              Connection cn = java.sql.DriverManager.getConnection(url, user, password);
              System.out.println("Connection to HANA successful!");
              ResultSet rs = cn.createStatement().executeQuery("select * from _SYS_STATISTICS.STATISTICS_ALERTS");
              rs.next();
              System.out.println(rs.getString(1));
  I am facing following exception
  com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: [414]: user is forced to change password: alter password required for user MUJADID
    at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.createException(SQLExceptionSapDB.java:345)
  Any suggestion?

  Hi Mathan!
  now above error is esolved
  But i m facing following error when i try to read connections table from live2 schema
  com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: [259] (at 20): invalid table name:  Could not find table/view CONNECTIONS in schema LIVE2
  and this table exist in LIVE2 schema
  Any suggestion?

• Change password at first login

  Hi all,
  In my JSF web app, if a user has his password reset by an admin, the new password is emailled to him, and as soon as he logs with the new password in he MUST change his password, before being allowed to use any other part of the site.
  How can I force the "change password" screen to appear?
  My current "hack" is to add this code to the beginning of every single JSF page:
  <%
       final boolean userMustChangePasswordAtNextLogin = ((Boolean) MyAbstractView.evaluateValueBinding("#{loggedInUser.userBean.mustChangePasswordAtNextLogin}")).booleanValue();
       if(userMustChangePasswordAtNextLogin) {
  %>
       <html>
            <head>
                 <META HTTP-EQUIV="Refresh" CONTENT="0; URL=ChangePassword.jsp">
            </head>
       </html>
  <% } else { %>
       [Regular JSP/JSF page content...]
  <% } %>Is there a graceful JSF way of doing this? I've investigated the NavigationHandler, but it doesn't get invoked until the user clicks on a CommandButton or such like. I've investigated ViewHandler as well, but cannot see how this would help.
  Any advice appreciated & many thanks in advance...
  - Adam.

  Thanks a lot SirG ....
  This is what I have done so far:
  package com.abc.send.controller.security;
  import javax.faces.component.UIViewRoot;
  import javax.faces.context.FacesContext;
  import javax.faces.event.PhaseEvent;
  import javax.faces.event.PhaseId;
  import javax.faces.event.PhaseListener;
  public class LoginPasswordPhaseListener implements PhaseListener
       public void afterPhase(final PhaseEvent phaseEvent)
            // Nothing to do
       public void beforePhase(final PhaseEvent phaseEvent)
            if(phaseEvent.getPhaseId().equals(PhaseId.RENDER_RESPONSE))
                 final FacesContext facesContext = phaseEvent.getFacesContext();
                 final String viewId = facesContext.getViewRoot().getViewId();
                 final boolean userMustChangePasswordAtNextLogin = true;
                 if((!viewId.equals("/logout.jsp")) && userMustChangePasswordAtNextLogin)
                      final UIViewRoot newRoot = facesContext.getApplication().getViewHandler().createView(facesContext,
                           "/restricted/changePassword.jsp");
                      facesContext.setViewRoot(newRoot);
       public PhaseId getPhaseId()
            // Seems that returning PhaseId.RESTORE_VIEW here doesn't work, so we
            // have to use an if expression in beforePhase(..)
            return PhaseId.ANY_PHASE;
  }Then in the faces-config.xml:
  <lifecycle>
      <phase-listener>com.abc.common.jsf.view.ViewScopePhaseListener</phase-listener>
      <phase-listener>com.abc.common.jsf.filter.secureserver.SecureServerPhaseListener</phase-listener>
      <phase-listener>com.abc.common.jsf.filter.browservalidation.BrowserValidationPhaseListener</phase-listener>
      <phase-listener>com.abc.common.jsf.filter.security.SecurityPhaseListener</phase-listener>
      <phase-listener>com.abc.common.jsf.filter.postback.PostBackValidationPhaseListener</phase-listener>
    <phase-listener>com.abc.send.controller.security.LoginPasswordPhaseListener</phase-listener>
    </lifecycle>So if final boolean userMustChangePasswordAtNextLogin = true; then on a successfull login currently I should be taken to the changePassword.jsp right ?

• User having problem changing password on Windows 2008 R2 via remote desktop win7

  I have a remote user in another building with OS 7 remote destkop to Windows 2008 R2 Server.  The users account is set to change password on first login.  when the users trys to change his pw he gets error "Configuration information could not be
  read from domain controller, either because the machine is unavailable, or access has been denied.
  We are not using domain controller on the Windows 2008 R2 Server it is set to workgroup.
  Any help ASAP would be greatly appricated.
  Thanks,
  Rob Jung

  Here is one of the event logs from when the user tried to logging (and change password on the first login):
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          10/13/2011 5:09:11 PM
  Event ID:      4625
  Task Category: Logon
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      win007.#***.net
  Description:
  An account failed to log on.
  Subject:
   Security ID:  SYSTEM
   Account Name:  WIN9$
   Account Domain:  ***
   Logon ID:  0x3e7
  Logon Type:   2
  Account For Which Logon Failed:
   Security ID:  NULL SID
   Account Name:  Administrator
   Account Domain:  WIN007
  Failure Information:
   Failure Reason:  Unknown user name or bad password.
   Status:   0xc000006d
   Sub Status:  0xc000006a
  Process Information:
   Caller Process ID: 0x254
   Caller Process Name: C:\Windows\System32\winlogon.exe
  Network Information:
   Workstation Name: WIN007
   Source Network Address: 127.
   Source Port:  0
  Detailed Authentication Information:
   Logon Process:  User32
   Authentication Package: Negotiate
   Transited Services: -
   Package Name (NTLM only): -
   Key Length:  0
  This event is generated when a logon request fails. It is generated on the computer where access was attempted.
  The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
  The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
  The Process Information fields indicate which account and process on the system requested the logon.
  The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
  The authentication information fields provide detailed information about this specific logon request.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{*******}" />
      <EventID>4625</EventID>
      <Version>0</Version>
      <Level>0</Level>
      <Task>12544</Task>
  Rob Jung ADRWeb

• I am unable to change passwords for any users.  The "change password" is grayed out.

  I am unable to change passwords for any users.  The "change password" is grayed out.  I know there is a way to change them but I am having trouble finding it.
  Message was edited by: dmw1975

  If you're in the Users pane of the server app, and you select Network Users from the drop-down near the top, there's a small padlock icon at the bottom. Is it locked or open? If locked, click it and enter credentials into the authorisation box that opens

• Number of days before user needs to change password

  If I enter a value for "Number of days before user needs to change password" will that effect both user and supervisor accounts or just user accounts? I have a supervisor account that we use for a lot of processes and do not want it to expire. However, our corporate security policy is to have user passwords expire at least every 90 days. Has anyone faced this before?<BR><BR>Thanks,<BR><BR>Mburkett

  mburkett,<BR><BR>Version 7.X has the external authentication option. The integration with active directory is very easy and can be configured in a few minutes. However, if your Essbase user names are different than MSAD user names, you would have to replace all Essbase users with their domain ID in order to use external authentication. If the user names are the same, it is only a matter of changing the flag to use the external AD password, rather then the Essbase password. <BR><BR>If you are not using Hyperion HUB, you should install it prior to implementing External Authentication.<BR><BR>I don't know the details of your custom job scheduler, but if it is based on ESSCMD, I dont see why it would not continue to work with an upgraded version.<BR><BR>Good Luck,<BR><BR>Chris

• Users getting forced to change password at least twice when expired

  Has anyone else experienced this?? A user expired yesterday, was prompted to change password and went into application. Tried to go in today and was prompted again to change password. The pwdchangetime is set to yesterday and the modifier is the user so pwdMustChange, (which is set to true), should not kick in.
  Using OID version 9.0.4.1
  thanks

  I've since found out that this is how Oracle has coded an expiration. If you change your password with a grace login, the modifiers stamp isn't your own. So you must change you password again if you have force change password set in your password policy.

• Open Dir, SMB, AFP, Changing Password on first login (Windows)

  Hey all...
  I've read up on some documentation but have run into a roadblock trying to set up file sharing for Open Directory user accounts with OS X Server 10.5.6.
  I have AFP and SMB (and Open dir) services enabled.
  Using all default settings I am able to share files using other Windows and OS X machines.
  Under the Open directory service settings in Server Admin, I tried to enforce that user passwords be reset on first log in.
  When I log in using OS X, I get prompted to change my password and it works fine. When I'm using Windows (XP in this case), the username/password prompt that windows presents outright rejects the initial password. So when forcing users to change passwords, Windows users can no longer log in to share files.
  I've attached the SMB log that correspond to the attempted log in from the Windows machine.
  [2009/01/28 18:12:49, 0, pid=1913] /SourceCache/samba/samba-187.7/samba/source/auth/authodsam.c:opendirectory_smb_pwd_checkntlmv1(383)
  opendirectoryuser_auth_and_sessionkey gave -14161 [eDSAuthNewPasswordRequired]
  [2009/01/28 18:12:49, 0, pid=1913] /SourceCache/samba/samba-187.7/samba/source/auth/authodsam.c:opendirectory_opendirectory_ntlm_passwordcheck(598)
  I'd appreciate any advice =)

  Hey all...
  I've read up on some documentation but have run into a roadblock trying to set up file sharing for Open Directory user accounts with OS X Server 10.5.6.
  I have AFP and SMB (and Open dir) services enabled.
  Using all default settings I am able to share files using other Windows and OS X machines.
  Under the Open directory service settings in Server Admin, I tried to enforce that user passwords be reset on first log in.
  When I log in using OS X, I get prompted to change my password and it works fine. When I'm using Windows (XP in this case), the username/password prompt that windows presents outright rejects the initial password. So when forcing users to change passwords, Windows users can no longer log in to share files.
  I've attached the SMB log that correspond to the attempted log in from the Windows machine.
  [2009/01/28 18:12:49, 0, pid=1913] /SourceCache/samba/samba-187.7/samba/source/auth/authodsam.c:opendirectory_smb_pwd_checkntlmv1(383)
  opendirectoryuser_auth_and_sessionkey gave -14161 [eDSAuthNewPasswordRequired]
  [2009/01/28 18:12:49, 0, pid=1913] /SourceCache/samba/samba-187.7/samba/source/auth/authodsam.c:opendirectory_opendirectory_ntlm_passwordcheck(598)
  I'd appreciate any advice =)

• Windows 7 Expired Password - Recvd Warning prompts but not forced to change password

  Our Windows 7 users are prompted when their passwords will expire in 14 Days, however They are not forced to change thier password before it expires. If the users ignore the expiration warning they can only get logged into the network after having the helpdesk
  reset thier password.
  Is there a way to force Windows 7 users to change thier passwords on the day it expires. Our WinXP users get the 14 day warning and are forced to change thier passwords on day 14.
  I have the GPO configured to notifiy users when thier passwords will expire in 14 days
  Thank you,
  Glen

  Hi,
  After applying above settings, the user can change the password by default at the expire day. Please create a new domain profile and test the issue on several Windows
  7 machines. Can the user be enforced to change password at expire day? If not, please refer to the following steps to collect the information for research.
  1. On the DC, open GPMC, right-click Group Policy Results, choose Group Policy Results Wizard, follow the wizard to collect a Group Policy result for problematic
  Windows 7 client.
  2. On the Windows 7 machine where GPO failed to apply, please perform the following steps to collect log files:
  a) Please add the specified registry key to enable group policy log (%windir%\debug\usermode\gpsvc.log), and remove or rename it to disable group policy log after
  collecting data. You may need to create the Diagnostics key if it is not there.
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
  Type: DWORD
  Value: GPSvcDebugLevel
  Data: 0x30002 (hexadecimal)
  b) Then on the problematic Win7 machine, run command “gpupdate /force”.
  c) Then on the problematic Win7 machine, run command “gpresult /v > gpr_win7.txt”, send me gpr_win7.txt file.
  d) On the problematic Win7 machine, run command “eventvwr”, then expand to Applications and service logs -> Microsoft -> windows -> groupPolicy
  -> Operational. Right-click on it and click “save event as”. Save the file as .evtx format and send it to me.
  e) After that, please send me the above output files. (please zip them first and then send them to me).
  - %windir%\debug\usermode\gpsvc.log
  - gpr_win7.txt
  - win7.evtx
  Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the GPMC
  result and the zip files, and then give us the download address.
  Thanks,
  Novak
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• User stuck on "Changing Password" screen after updating expired password, Windows 8.1 Pro

  Hi,
  We have recently upgraded to Windows 8.1 Professional in our domain (Domain & Forest Functional Level at Windows Server 2003). I am facing an issue where, when a users' password is expired and the user changes his/her password (after being prompted)
  on their Windows 8.1 workstation, the user isn't able to login. The login screen displays "Changing Password" along with the little dots going in circles.
  I have tried googling for a solution without much luck. Has anyone else faced this situation and is there a fix? Any help would be much appreciated.
  Regards,
  Sach

  Hi Sach,
  For this issue,I suggest we try using other computer to change the password.
  Meanwhile,please confirm the network connectivity.
  Regards,
  Kelvin Xu
  TechNet Community Support

• Error when forced to change password

  Hello,
  We are running W7 Embedded Standard edition.  We have a unit where the user if forced to change their password but get the error message "configuration information could not be read from the domain controller, either because the machine is unavailable,
  or access has been denied".  It is a standalone PC.  To rebuild will require a huge effort. This is the only active account on the PC.  The Administrator and guest accounts are disabled.  Any suggestions on how to get around this ?

   If FBWF or EWF is in the image, disable them and the try changing the password. Also, make sure the user didn't attached the machine to a domain.
  Changing local account policy so passwords never time out. You can create a custom security policy template that installs with the OS that disables password timeout.
  www.annabooks.com / www.seanliming.com / Book Author - Pro Guide to WE8S, Pro Guide to WES 7, Pro Guide to POS for .NET

• Cannot change password or admin login

  i have done everything i was advised to do but it just cant work bcus has tied the password and admin login
  some were in the computer.some people advised that i should take it to an apple store in my country
  but we dont have an apple store or a representative in cameroun, what next do i do?pls help

  Hello:
  Ok here we go:
  1- You have to restart your MBA holding down the Command+S keys, and this will take you into Single User Mode and it’s Terminal interface.
  2- Then you have to check the filesystem. to do this you have to type the following command in the terminal interface:
  fsck -fy
  3- Then you have to mount the root drive with write option enabled so you can apply and save any changes. Type this in the temrinal interface:
  mount -uw /
  4- And then type this command exactly as you see it here:
  rm /var/db/.AppleSetupDone
  5- Reboot your MBA by typing this in the terminal interface:
  reboot
  6- After you reboot, you will be see the “Welcome Wizard” startup screen. Follow the wizard and create a new user account. This new account name must be different from the one you already have
  7- Continue and boot into your Mac OS X with the new account you have just created, this new user account is an Administrator and has administrative access
  8- Now that you're logged in, go to System Preferences
  9- Click on Users & Groups
  10- Click on the Lock icon and use your newly created user name and password if asked. This will allow you to make changes to other user accounts
  11- On the user panel select the user account whose password you cannot change and then click on the Change Password... button and enter your new password.
  12- Delete, or grant administrative privileges to that old account
  13- Reboot/restart your MBA and now you can log back in with your old account. If you want you can delete the user account you created following this steps.
  Hope this helps.
  Good luck