Check or Attack Name: Password Cannot Change

The user cannot change their password. This setting is not recommended unless this is a service account, as it leads to less frequent password changes.

False Positives: If this is a service account, then this condition does not indicate a vulnerability.

If the user should be able to change their password:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Select the user from the list.
3. From the User menu, select Properties to display the User Properties dialog box.
4. Clear the User Cannot Change Password check box.
5. Click OK.