Frequently Asked Questions
The customized client message is not shown when a password change fails
- Verify that the “Specops Password Client” is installed on the computer and that the computer has been restarted. If the client has been successfully loaded, there should be an event in the Application log with source “Specops Password Client” and id 101.
- Ensure that the settings in the proposed SPP password policy are more restrictive than the settings in the “Default Domain Policy”.
- Configuring a setting in the built-in password policy to “Not defined” does not remove the setting from the domain; instead the setting will be set to the last configured value.
- If the new password does not meet the requirements specified in the “Default Domain Policy”, the Windows error message will be shown instead of the message provided by “Specops Password Client”
- The Specops Password Policy Sentinel must be installed on all writable domaincontrollers.
The “Specops Password Policy…” menu item does not show up when right-clicking a user in Active Directory Users and Computers
- Verify that the “Specops Password Policy Administrative Tools” is installed on the computer.
- The Specops Active Directory Users and Computers menu extensions must be installed in order to show the menu extension in Active Directory Users and Computers.
Is it necessary to install Sentinel on a read-only domain controller (RODC)
No. There is no need for installing Sentinel on a RODC, because no password changes can occur on a RODC.
If have a user that’s affected by a password policy with a maximum password age configured, but the user is never forced to changed the password. Why?
Specops Password Policy will not expire a users password if any of the following options are set on the user object:
- User must change password at next logon
- User cannot change password
- Password never expires
- Smart card is required for interactive logon
Cannot set the Administrator password while demoting a domain controller
If Specops Password Policy Sentinel is installed on the domain controller then you must first uninstall Specops Password Policy Sentinel, before starting the demote process.
When using Remote Desktop Connection client (version 6.0 or higher) to connect to a Windows Vista or Windows Server 2008 that has Specops Password client installed, then the user has to enter credentials twice.
A workaround is to create a RDP file containing the following line: enablecredsspsupport:i:0
This will disable NLA and logon on is only done at the remote client.
Page last modified on August 16, 2012