Changing a User's Password to One Already in Use

• Microsoft Windows NT operating system version 3.1
• Microsoft Windows NT Advanced Server version 3.1

SYMPTOMS

You can change a user's password to one that is already used. (See "Steps to Reproduce Behavior," below.)

CAUSE

The Password Uniqueness feature allows administrators to force users to change passwords regularly and not to use the same password over and over. It is up to the administrator to decide how to use Password Uniqueness and when to override it and reset a user's password.

A user's password history is not remembered when Password Uniqueness is set. By design, password history does not apply when an administrator is setting a user's password--only when users are changing their own passwords.

(Under LAN Manager 2.x, you can do the same thing by changing the Password Uniqueness setting to zero, resetting the user's password, then returning Password Uniqueness to its previous value.)

STATUS

This behavior is by design.

MORE INFORMATION

Steps to Reproduce Behavior

1. Start the Windows NT User Manager.

2. In the Policies dialog box, choose Account.

3. Set the Password Uniqueness value to a number such as 2.

4. Close the dialog box.

5. From the User menu, choose New User.

6. In the Username box, type a username (for example, User1).

7. Give User1 a password (for instance, Pass1). Close the dialog box.

8. In the main user list, double-click User1. In the Password and Confirm Password boxes, enter the same password you used in step 7.

9. Close the dialog box.

NOTE: This behavior occurs in the Windows NT Advanced Server User Manager as well.