Troubleshoot Password Problems

Forgot Password
Note: The above series of Microsoft articles takes a gigantic leap of faith that you have not set an Administrator password, and the articles do not spell out that if you have set an Administrator password and have also forgotten it, you're in big trouble. See the next article under "If you do not use EFS" on how to get to your documents if you've also set an Administrator password and forgotten that too.
 
Log On if you Forget your Password or it Expires

Note: If you have forgotten your user logon password and you are not sure if you created an Administrator password, start Windows in Safe mode and try logging on as Administrator using a blank password. If you have not created a password reset disk and you have also forgotten your Administrator password, you cannot log on to your existing Windows installation for security reasons. Microsoft state that you must perform a "clean" installation of Windows XP, re-create all user accounts, and reinstall all of your programs. However this is unnecessary if you have not implemented the Windows XP Encrypting File System.

If you do not use EFS:
You can install XP to another partition and recover your documents from there. If you do not have another partition, you can perform a Parallel Installation and still recover your documents. You can also use almost any Linux boot CD to gain access to NTFS partitions:
For the ultra-desperate hacker, check out the offline password editor. Apparently this toolset also works on Vista. The offline editor will modify the encrypted password in the Security Accounts Manager (SAM) database, and you do not need to know the old password either. The tool will also detect and unlock locked out or disabled user accounts.

If you use EFS:
You must have backed up your EFS Certificates and the Recovery Agent. Read the article titled Backing up EFS Certificates and Recovery Agents to avoid this issue in the future. You should also resign yourself to performing a clean installation of Windows XP, re-creating all user accounts, and reinstalling all of your applications. If you made backups, read Restoring EFS Certificates and Recovery Agents.

Whilst the latter two links to the compulink site have some good information about backing up and restoring EFS certificates, along with screen dumps, the articles are very difficult to follow because they're not well written. If you have trouble following the narrative there, try these:

How to back up the recovery agent Encrypting File System (EFS) private key in Windows Server 2003, in Windows 2000, and in Windows XP

Best practices for the Encrypting File System

Note: If you are using EFS, your data is useless without the password or EFS certificates. Don't blame the OS if you're in this situation because you enabled EFS to keep people out of your data, right?
Take Ownership of a File or Folder in Windows XP

This article describes how to take ownership of a file or folder to which you have been denied access. If you require access to a file or folder to which you do not have access (permission), you must take ownership of that file or folder, where you replace the security permissions to allow yourself access. If you have been denied access to a folder and you have implemented the Windows XP Encrypting File System (EFS) and also reinstalled XP, this article will not help you. To recover EFS encrypted folders you must have backed up your EFS Certificates and the Recovery Agent. Read the next section titled "Log On if you Forget your Password or it Expires."
"The password is not valid" error message appears when you log on to Recovery Console in Windows XP

When you attempt to log on to Recovery Console in Windows XP by typing the correct password for the local Administrator account, Recovery Console may display the following error message:

The password is not valid. Please retype the password.
Cannot unlock workstation with ForceUnlockLogon and expired password

When you try to unlock your computer, you may receive an error message that is similar to the following: The password is incorrect. Please retype your password. Letters in passwords must be typed using the correct case. You cannot unlock your computer.
"You do not have permission to change your password" error message when you try to change your password in Windows XP

Fixes a problem where you cannot change your password after you log on to your Windows XP-based computer for the first time.
Windows Prompts You to Change Your Password Every Time You Log On

When you try to log on to Windows XP Professional, you may receive the following message: Your password will expire in number of days. Do you want to change it now?
Windows Prompts You to Change Your Password Although No Password Was Configured

After you upgrade to Windows XP Professional, you may receive the following error message: Your password will expire in a number days. Do you want to change it now? You may receive this message although you have never used a password.
How to create and use a password reset disk for a computer that is not a domain member in Windows XP

Explains how to create and how to use a password reset disk for a non-domain member computer in Windows XP.
"Please Type a Different Password" Error Message When You Change Your Password for a Second Time

When you try to change your password on a Microsoft Windows XP Professional-based computer, you may receive an error message that is similar to the following:

Your password must be at least number characters; cannot repeat your previous number...
Scheduled Tasks cannot run with a blank password

After you schedule a task by using the Scheduled Tasks tool, the task may not run at the time you chose. If you view the status of the task, you may receive the following error message:

The scheduled task did not run because no user account password was entered.
The Battery Alarm Does Not Run a Program with a Blank Password

A new security feature in Windows XP does not allow the use of a blank password when you configure the Low Battery alarm or the Critical Battery alarm to run a program when the battery level drops to a predefined level that you set.
Unable to Clear the Password Box in the "Connect to" Dialog Box After Remote Connection

When you try to clear the password box in the Connect to ISP Name dialog box after being connected to a remote computer, you may not be able to completely clear the password box. The password always goes back to the password that you most recently used.
Information on System Restore and Password Restoration

This article describes how the restoration of passwords is managed by System Restore on a Windows XP-based computer, and describes which types of passwords are restored and which are not restored.
Passwords Are Unexpectedly Assigned to User Accounts After You Upgrade to Windows XP

When you upgrade or install Microsoft Windows XP, passwords may be assigned to user accounts that previously had no password or you did not assign passwords to any user accounts during the installation process. As a result, you cannot log on to the computer.
EFS, Credentials, and Private Keys from Certificates Are Unavailable After a Password Is Reset

After you reset the password of an account on a Windows XP-based computer that is joined to a workgroup, you may lose access to the user's: Web page credentials; File share credentials; EFS-encrypted files; Certificates with private keys (signed/encrypted e-mail).
Passwords Are Lost After Upgrading to Windows XP

After you upgrade to Windows XP from Microsoft Windows 98, Microsoft Windows 98 Second Edition, or Microsoft Windows Millennium Edition (Me), certain passwords may no longer be saved. Uninstalling Windows XP does not restore these passwords.
Screensaver Password Protection Does Not Work

When you return to Windows from your password-protected screensaver, you are not prompted for your password.
Cannot Change the Password for the Administrator Account in User Accounts in Control Panel

After you log on as an administrator to a computer that is not a member of a domain, when you double-click User Accounts in Control Panel to change the password for the built-in Administrator account, the Administrator account may not appear in the list of user accounts. Consequently, you cannot change its password.
You Are Prompted to Type a Password After You Upgrade to Windows XP

After you upgrade from Microsoft Windows Millennium Edition or Microsoft Windows 98 to Windows XP, you may be prompted to log on by typing a password. This symptom may occur even if no password previously existed or was specified during the upgrade process. When this occurs, you may not be able to log on, regardless of the password you type.
Cannot Use Network Printer If Your Password Is Not Saved

If you do not have direct access to a printer, but you do have a user account and password that does have access, you may be unable to print to the same network printer the next time you log on to the computer, and you may receive one of the following error messages: Access is denied; The RPC server is unavailable; Could not start print job. If you check the status of the network printer in the Printers folder, it may appear as:

Access denied, unable to connect.
Windows XP or Windows 2000 prompts you to change your password even after you have already changed your password

Fixes a problem where Windows XP or Windows 2000 prompts you to change an expired password even after you have just changed your password.
You cannot access EFS files after you change the user password to a new password on a Windows XP Service Pack 2-based computer

Provides a fix for a problem where you cannot access EFS files after you change the user password to a new password on a Windows XP Service Pack 2 (SP2)-based computer.
How to set power options so that you are not prompted for a password when a Windows XP-based computer resumes from standby

Describes how to set the power options in Windows XP so that you are not prompted for a password when your computer resumes from standby.
You Are Not Prompted to Create a Password When You Create a New User Account on a Windows XP Home Edition-Based Computer

When you create a new user on a Microsoft Windows XP Home Edition-based computer, you are not prompted to create a password.
Error Message: Unable to Log You on Because of an Account Restriction

When you install Windows XP Home Edition, you are prompted to enter a password for the Administrator account. After the installation has completed, you can only use the Administrator account in Safe mode.
Passwords Are Not Migrated by the Files and Settings Transfer Wizard or User State Migration Tool

After you use the Files and Settings Transfer Wizard or the User State Migration Tool to migrate program settings, programs that require passwords may no longer work properly, or may prompt you for a password that you previously saved.
A broadband connection that requires a user name and a password is not available in Windows XP

Describes how to resolve an issue where a broadband connection that requires a user name and password is not available in Windows XP.
Forgotten your Windows XP Home password? - Part 1: Introduction

This article is Part 1 of the Forgotten your Windows XP Home password? guide. Part 1 introduces this topic.

Forgotten your Windows XP Home password? - Part 2: Using a password reset disk

Forgotten your Windows XP Home password? - Part 3: Setting a new password as an administrator
"You Do Not Have Permission to Change Your Password" Error Message When You Change Your Password At Logon

When you try to log on to a Microsoft Windows Server 2003-based computer or to a Microsoft Windows 2000-based computer, you may be prompted to change your password. After you enter your new password, you may receive the following error message:

You do not have permission to change your password.
You receive a "You do not have permissions to change your password" error message when you type a password that does not meet the password restrictions in Windows XP

Consider the following scenario. Your Microsoft Windows XP-based computer or Windows XP Service Pack 1 (SP1)-based computer is part of a Microsoft Windows NT 4.0 domain. You log on to the computer for the first time, and you are prompted to change your password. You type a password that does not meet the password restrictions that are set on the domain controller. You receive an incorrect error message that is similar to the following error message:

You do not have permissions to change your password.

Note: When you type a password that does not meet the password restrictions that are set on the domain controller, you should receive a message that the password does not meet the password restrictions together with a description of the restrictions.
You receive a "The system cannot change your password now because the domain <DomainName> is not available" error message when you try to change your password in Windows XP or in Windows 2000

When you try to change your password in Microsoft Windows XP or in Microsoft Windows 2000 on a locked-out account that has the User must change password at next logon attribute set, you receive an error message that is similar to the following:

The system cannot change your password now because the domain <DomainName> is not available.

Note: In this error message, DomainName is a placeholder for the actual domain name.
"User must change password at next logon" check box is unavailable

After you have been granted the Reset User Passwords and Force Password Change at Next Logon permission, and you log on to a Microsoft Windows Server 2003 domain controller or a Microsoft Windows XP-based computer that has the Windows Server 2003 Administration Tools Pack installed, the following symptoms may occur:
  • In Active Directory Users and Computers, when you right-click a user name, and then click Reset Password, the User must change password at next logon check box is unavailable.
  • In Active Directory Users and Computers, when you open Properties for a user, the User must change password at next logon check box is available on the Account tab.
How to setup strong password policy in Windows XP

This article explains one of the simplest ways to improve security of a Windows XP PC by implementing a strong password.
You may receive a "The system cannot change your password now because the domain is not available" error message in Windows XP after you try to change your password

When you use a user principal name (UPN) to log on to Microsoft Windows XP, you may be prompted to change your password. When you try to change your password, you may receive an error message that is similar to the following:

The system cannot change your password now because the domain is not available.
You receive an error message if you use your user principal name to change your password in Windows XP Professional

If you change your password on a Microsoft Windows XP-based computer that is a member of a domain, you receive the following error message:

The user name or old password is incorrect. Letters in passwords must be typed using the correct case. Make sure the Caps is not accidentally on.

This symptom occurs if all the following conditions are true:
  • You are using your user principal name (UPN) to change your password. For example, you are using YourAccountName@example.com to change your password.
  • The Security Accounts Manager (SAM) account user name is different from the first part of the UPN.
    • Note: The SAM account uses the following format:
      DomainName\SAMacctUserName
  • You are logging on to a domain of a different forest, and the computer that you use is not a member of the domain to which you are logging on. The trusted domain to which you log on is not using Microsoft Windows Server 2003 forest trust.
How to log on to your Windows XP-based computer if you forget your password or if your password expires

If you forget your password or if your password expires, you can no longer log on to your computer until you reset your password. This article contains several step-by-step methods that you can use to try to reset your password so that you can log on to your computer again. However, these steps will only work if you or someone else knows the password for another user account on this computer, or if you have previously created a password reset disk for this computer. If this is not the case, unfortunately, you have to reinstall Windows XP and all other programs that were installed on this computer before you can use this computer again. This is for security reasons. Otherwise, anyone could reset a password to anyone's computer and gain access to private information.

This article is intended for a beginning to intermediate computer user.

You may find it easier to follow the steps if you print this article first.
How To Manage Stored User Names and Passwords on a Computer That Is Not in a Domain in Windows XP

This article describes how to manage stored user names and passwords on a computer that is not a member of a domain.

When you log on to a Windows XP-based computer, you can supply a user name and password, which becomes your default security context for connecting to other computers on networks and over the Internet. However, this user name and password may not provide access to all desired resources. The Stored User Names and Passwords feature provides a way to store additional user names and passwords as a part of your profile.

Stored User Names and Passwords is a secured store for password information. With this feature, you can type user names and passwords for various network resources and applications (such as email) one time, and then have Windows automatically supply that information for subsequent visits to those resources without your intervention.
How to manage stored user names and passwords on a computer in a domain in Windows XP

This article describes how to manage stored user names and passwords on a computer that is a member of a domain.

Stored User Names and Passwords is a secured store for password information. With this feature, you can enter user names and passwords for various network resources and applications (such as e-mail) once, and then have Windows automatically supply that information for subsequent visits to those resources without your intervention.
You receive a "The system cannot change your password because the domain 'MIT Realm' is not available" error message when you try to change your password on your Windows XP-based computer

When you try to change the logon password on your Windows XP-based computer, you receive the following error message:

The system cannot change your password because the domain MIT Realm is not available.
You receive the Change Password dialog box when you try to use a smart card to log on to a Windows Server 2003 domain in Windows XP Professional

In Microsoft Windows XP Professional, when you try to use a smart card to log on to a Microsoft Windows Server 2003 domain, you receive the Change Password dialog box. In the Change Password dialog box, the User Name box is empty and the Old Password box is full.
How to create and use a password reset disk for a computer in a domain in Windows XP

This article describes how to create and use a password reset disk for a computer that is a member of a domain. You can use a password reset disk to gain access to your Microsoft Windows XP Professional-based computer if you forget your password.
Unable to Change Password with User Principal Name When a Global Catalog Server Is Unavailable

When you attempt to change your password by using your user principal name (youraccount@yourcompany.com), you may receive one of the following error messages.

If the account is in the parent domain:
The user name or old password is incorrect. Letters in passwords must be typed using the correct case. Make sure the Caps is not accidentally on.

If the account is in a child domain:
Unable to change the password on this account due to the following error:

1359 : An internal error occurred
Please consult your system administrator.

Changing the password on a locked-out account generates a "domain not available" message

If a user tries to change their password on an account that is locked out and has the User must change password at next logon attribute set, the user receives the following error message:

The system cannot change your password now because the domain domain_name is not available.

This error message is misleading because it does not distinguish between the actual situation (a locked-out account) and true connectivity problems.
Behavior of stored user names and passwords

Windows XP introduces a new behavior which makes it easier to access resources that require credentials other than the logged-on user's credentials. This article describes the functionality and expected behavior of Stored User Names and Passwords.
Error message when you try to connect to a remote share by using NTLM authentication on a Windows XP-based computer: "Logon failure: unknown user name or bad password"

When you try to connect to a remote share by using NTLM authentication on a Microsoft Windows XP-based computer, you may receive the following error message:

Logon failure: unknown user name or bad password.

For example, you may experience this problem when you try to connect to a remote share by using the IP address as the server name.

Note: This problem does not occur if you use Kerberos authentication.
14 Day Password Change Notification Cannot Be Changed

In Windows NT 3.x, when your password is 14 days from expiration, you receive a Password Change Notification when logging on requesting you to change your password. If the Maximum Password Age is set to 30 days, you receive the notice when your password is only half way through its life span. Although you may wish to change the advance time of the reminder, the Password Change Notification is hard coded at 14 days in Windows NT 3.x and is not configurable.

Note: Despite this article referring to NT 3.x, it is applicable to XP.
Stored User Names and Passwords Feature Interoperability at a Command Prompt

You can use the Stored User Names and Passwords feature that is included in Windows XP at a command prompt.
How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases

Instead of storing your user account password in clear-text, Windows generates and stores user account passwords by using two different password representations, generally known as "hashes." When you set or change the password for a user account to a password that contains fewer than 15 characters, Windows generates both a LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of the password. These hashes are stored in the local Security Accounts Manager (SAM) database or in Active Directory.

The LM hash is relatively weak compared to the NT hash, and it is therefore prone to fast brute force attack. Therefore, you may want to prevent Windows from storing an LM hash of your password. This article describes how to do this so that Windows only stores the stronger NT hash of your password.
Users Receive a Password Complexity Requirements Message That Does Not Specify Character Group Requirements for a Password

When you set the Passwords must meet complexity requirements policy setting, and a user logs on to the computer or to a domain and types a password in the Change Password dialog box that does not meet the complexity requirements, the user receives the following message:

Your password must be at least x characters; cannot repeat any of your previous x passwords; must contain capitals, numerals or punctuation; and cannot contain your account or full name. Please type a different password. Type a password which meets these requirements in both text boxes.

This message is expected behaviour when a user tries to change the password and the password does not meet the complexity requirements that you set. However, some of the content of the message may be confusing to some users because it does not explicitly specify that the password must contain at least three of the following four character groups:
  • English uppercase characters (A through Z)
  • English lowercase characters (a through z)
  • Numerals (0 through 9)
  • Non-alphabetic characters (such as !, $, #, %)
User cannot gain access to certificate functionality after password change or when using a roaming profile

When a user tries to use certificate functionality after they change their password or when they use a roaming profile, they may lose access to this certificate functionality. Certificate functionality that may not work as before includes the following:
  • Accessing files that are encrypted with Encrypting File System (EFS)
  • Accessing a secure Web page that requires certificate authentication
  • Signing e-mail with Secure/Multipurpose Internet Mail Extensions (S/MIME)
When they try to access a secure Web site, the following error message is logged:

Schannel Event: 36870
A fatal error occurred when you try to access the SSL client credential private key. The error code returned from the cryptographic module is 0x80090016.

Users Group Member Can Add New Users in Windows XP

When a member of the Users group tries to use the Users and Passwords tool in Control Panel in Windows XP, the user is prompted for the Administrator password:

You must be a member of the Administrators group on the computer to open the Users and Passwords control panel. You are logged in as Machine_name\User_name, which is not a member of the Administrators group.

Specify the user name and password of an Administrator on this computer to continue:

User name:
Password:

You can change your password without opening the Users and Passwords control panel by pressing CTRL-ALT-DEL and selecting Change Password.


However, the Administrator account and password are ignored if the user runs the Administrative Tools tool in Control Panel. The user can gain access to the Computer Management tool and the Local Users and Groups subtree it contains. When the user gains access, a member of the Users group can add a new user to the computer. The user can also change the password for the created account. Members of the Users group cannot promote the new user to the Administrators group, nor can they change another account's password.
Screen Saver Is Not Password-Protected When You Apply the "Password Protect the Screen Saver" Group Policy Setting

You may experience one or more of the following symptoms when you apply the "Password protect the screen saver" Group Policy setting to Windows XP and Windows XP Service Pack 1 (SP1)-based computers:
  • When you create or edit the policy on a Windows XP-based computer, the policy is not applied correctly to Windows XP Service Pack 1 (SP1) client computers.
  • When you create or edit the policy on a computer with Microsoft Windows Server 2003, Microsoft Windows 2000, or Windows XP SP1, the policy is not applied correctly to Windows XP client computers.
For example, if you enable the "Password protect the screen saver" Group Policy, and you view the screen saver settings of the client computer (right-click an empty area of the desktop, click Properties, and then click the Screen Saver tab), the On resume, password protect check box is selected as expected, but the screen saver is not actually password-protected.
Changes are not applied when you change the password policy

When you change the password policy, the changes are not applied as expected.
How To Set A Password For The Guest Account

A guest account provides access to the computer for any user who does not have a user account on the computer. By default the account requires no password, nor can you create one for it. Still, if you wish to set a password for the guest account, you can easily do so.
How to restrict users from changing Password in Windows XP

Windows XP allows the administrators to restrict other users from changing the password.
You Are Locked Out of Your Account When You Try to Change Your Expired Password

When you try to change your password after your password has expired, you are locked out of your account.
How to view, add, remove or edit the saved Users names and passwords on a given system

This tip will allow you to view, add, remove or edit the stored .NET user names and passwords. Each user name and password has a unique credential which helps one to authenticate to services in domains.
You Cannot Decrypt Files After You Reset Your Password with a Password-Reset Disk

After you reset your local computer account password by using a password-reset disk, you may be unable to decrypt encrypted files or folders.
When using sysprep.exe, passwords cannot be saved

When the sysprep tool has been used to install Windows XP or Windows 2000, there are cases in which checking the “Save Password” box in Internet Explorer or Outlook Express does not work. This occurs when the user has logged in as an existing user (such as Administrator) prior to running the sysprep tool.

Because the following features also use the Protected Storage service, they may not work as expected:
  • Password save in Internet Explorer
  • Auto Complete in Internet Explorer
  • Subscription in Internet Explorer
You are prompted to type your user name and password before you can log on to Project Server 2003 if you connect from a computer that is outside the Active Directory domain

Consider the following scenario. Microsoft Office Project Server 2003 is configured to use Microsoft Windows authentication to authenticate user accounts. You connect to Project Server 2003 by using Microsoft Office Project Web Access 2003 from a Microsoft Windows Server 2003-based computer or from a Microsoft Windows XP-based computer that is outside the Active Directory directory service domain. When you do this, a Connect to ServerName dialog box appears on the screen. You are prompted to type your user name and password before you can log on to Project Server 2003.
How to install password synchronization on a UNIX host for a UNIX-to-Windows migration

Password synchronization provides one-way (Windows-to-UNIX) and two-way password synchronization between Windows domains and Network Information Service (NIS) domains. The master server of the NIS domain can be running on UNIX or on Windows (Server for NIS).

Windows Services for UNIX provides precompiled binaries to support password synchronization on supported UNIX and Linux hosts. The following list describes supported hosts for Windows Services for UNIX 3.0:
  • HP-UX 11
  • Sun Solaris (sparc) 7.0, 8
  • IBM AIX 4.3.3
  • Red Hat Linux 7.0
Windows Sends Your Old Password to a Third-Party Network Provider When You Change Your Password While You Log On

When you change your password while you log on to Windows, you may not authenticate successfully with a third-party network provider. For example, when a user logs on to Windows and Citrix MetaFrame with a new password, the Windows password is successful, but the Citrix MetaFrame password is not successful.
How To Disable the Save Password option in Dial-Up Networking

When you dial a phonebook entry in Dial-Up Networking, you can use the "Save Password" option so that your Dial-Up Networking password is cached and you will not need to enter it on successive dial attempts. For security, administrators may want to prevent users from caching passwords.
Help Topic for Resetting Parental Control Password Is Incorrect

If you forgot your four-digit parental control password and you follow the steps that are listed in Help to reset it, the password does not reset.
Screen saver grace period bypasses password protection

After you configure your computer to use a screen saver with a password, and after the screen saver has started, you may be able to bypass the password security and unlock the computer by pressing a key or by moving the mouse.
Your password is applied without confirmation when you click "Skip" in the Out of Box Experience component in Windows XP

When you start a Microsoft Windows XP-based computer for the first time, the Out of Box Experience (OOBE) component runs. When the Setup Wizard then displays the Administrator Password page, you are prompted to type an administrator password in the Administrator Password box. But after you type a password, instead of retyping the password in the Confirm Password box, you decide to click Skip to skip the operation. However, when you click Skip, the operation is not skipped. Instead, the password that you typed is applied.

Because of this problem, you may not remember the password that you typed. Therefore, you may not be able to log on to Windows by using the administrator account.
FIX: The WNetAddConnection2 function does not send the correct default password when the lpPassword parameter is NULL

If the lpPassword parameter of the WNetAddConnection2 function is NULL, the WNetAddConnection2 function does not send the correct default password. The password is associated with the user name that is specified by the lpUserName parameter for a World Wide Web Distributed Authoring and Versioning (WebDAV) communication.

Note: The Server Message Block (SMB) redirector functions correctly with a specified user name and a NULL password.
Stored User Names and Passwords Does Not Prompt for Credentials When You Attempt to Connect to a Resource

When you attempt to connect to a resource, you may not be prompted for your credentials by the Stored User Names and Passwords feature as you expect. Instead, you cannot connect to the resource.
Windows Prompts You for Your Password Multiple Times When You Use Outlook If Strong Private Key Protection Is Set to High

If the strong private key protection functionality is set to High with a software key in CryptoAPI, Windows XP prompts you for your private key password every time Outlook accesses the key for signing, encrypting, or decrypting an e-mail message.
You are no longer prompted to enter your private key password every time that the private key is accessed after you upgrade your computer to Windows XP Service Pack 2

You are no longer prompted to enter your private key password when strong private key protection functionality is set to high. This issue occurs after you upgrade your computer to Microsoft Windows XP Service Pack 2 (SP2), or after you install the hotfix that is described in the following article in the Microsoft Knowledge Base:

821574 (http://support.microsoft.com/kb/821574/) Windows prompts you for your password multiple times when you use Outlook if strong private key protection is set to high.

When strong private key protection functionality is set to high by using a software key in CryptoAPI, you are no longer prompted to enter your private key password every time that the private key is used to sign data, to encrypt data, or to decrypt data. You are only prompted to enter your private key password the first time that the private key is accessed.
Migration Wizard Does Not Migrate Passwords

When you use the Migration Wizard, passwords may not migrate.
Computer does not join the domain if encrypted domain administrator password is in the Identification section of an unattended answer-file

If you run a Windows XP unattended answer-file that includes an encrypted domain administrator password in the [Identification] section, the computer may not join the domain. The following text is an example of an unattended answer-file that includes an encrypted domain administrator password:

[Identification]
JoinDomain=mydomain
DomainAdmin=installer
EncryptedDomainAdminPassword=d85774cf671a9947aad3b435b51404eebaac3929fabc9e6dcd32421ba94a84d4

You cannot enter your password to exit hibernation on a Tablet PC

When you wake Microsoft Windows XP Tablet PC Edition from hibernation, you cannot enter your password through the Tablet PC Input Panel unless you tap the SHIFT key on the Input Panel more than one time. Sometimes, you cannot enter your password at all, and you have to restart the Tablet PC.
You cannot log on after you remove the computer from the domain

After you change a computer's membership from a domain to a workgroup and restart the computer, you cannot log on with your previous user name and password. You may also receive the following error message:

The system could not log you on. Make sure your user name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case. Make sure that Caps Lock is not accidentally on.
Logon Screen Appears to Stop Responding After Several Unsuccessful Password Attempts

After you enter an incorrect password for your user account several times in a row, the logon screen appears to stop responding (hang) for a period of time, and then functions again. This behaviour happens after you enter an incorrect password six times in a row.
User Must Change Password at Next Logon Option Is Unavailable

When you view the properties of a user account, the User must change password at next logon option may not be available.
Removable devices may not appear when you use the Forgotten Password Wizard or the Password Reset Wizard in Windows XP

In Microsoft Windows XP, removable devices may not appear when you use the Forgotten Password Wizard or the Password Reset Wizard. For example, when you use the Forgotten Password Wizard to create a password reset disk, removable devices may not appear in the list of devices to which you can back up your password. Additionally, when you use the Password Reset Wizard to reset your password, removable devices may not appear in the list of devices from which you can restore your password.
Password Expires Without Notification Over Remote Access Connection to Windows NT 4.0 Domain

When you use the Remote Access Service (RAS) to log on to a Microsoft Windows NT 4.0 domain, your password may expire although you have not received the expected password expiry notification.
Network access validation algorithms and examples for Windows Server 2003, Windows XP, and Windows 2000

The following is a simplified algorithm that explains how Windows account validation is observed to function during network access using the NTLM protocol. It uses access through the Server Message Block (SMB) protocol as the example, but it applies to all other server applications that support NTLM authentication. This discussion does not cover the internal workings of this process. With this information, you can predict Windows network logon behaviour under deterministic conditions.
Issues with domain membership after a system restore

You may experience the following behaviors:
  • If you use System Restore after the password change interval expired one time, and you restore the computer to a point before the password changes, the next password change may not occur when it is due. Instead, the operating system treats the restore as if the password was changed.
  • If you use System Restore after the password change interval expired two times, and you restore the computer to a point before the password changes, the domain user accounts on the computer are disabled, and users receive an error message when they try to log on.
Administrator Account Not Used for Logon

When you install a version of Windows XP, Setup prompts you for a password for the Administrator account. After installation is complete, the password provided during Setup is applied to the account.
How to use the SysKey utility to secure the Windows Security Accounts Manager database

The Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows 2003 Security Accounts Management Database (SAM) stores hashed copies of user passwords. This database is encrypted with a locally stored system key. To keep the SAM database secure, Windows requires that the password hashes are encrypted. Windows prevents the use of stored, unencrypted password hashes.

You can use the SysKey utility to additionally secure the SAM database by moving the SAM database encryption key off the Windows-based computer. The SysKey utility can also be used to configure a start-up password that must be entered to decrypt the system key so that Windows can access the SAM database. This article describes how to use the SysKey utility to secure the Windows SAM database.
Automatic Logon Does Not Work if the Local Administrator Password Is Encrypted in the Answer File

When you try to use the automatic logon feature in Windows XP to run unattended or Sysprep.exe installations, automatic logon may not occur, even though your answer file has the correct settings.
How to obtain password expiration date by using LDAP ADSI provider

This article contains sample code that demonstrates how to use the LDAP ADSI provider to obtain the password expiration date of an Active Directory user.
Forgotten Password Wizard Prompts You to Insert a Disk into Drive C

When you run the Forgotten Password Wizard in Microsoft Windows XP to create a password reset disk on a computer that does not have a floppy disk drive, you are prompted to insert a blank, formatted disk into drive C.
Netdom.exe Cannot Join a Windows XP Professional-Based Computer to a Domain

When you use the Netdom.exe utility to join a Windows XP Professional-based computer to a domain, you may receive the following error message:

The specified network password is not correct.

The command failed to complete successfully.

No Password Expiration Notice Is Presented During the Logon Process

Windows XP may not display a notice to a user that the user's password is about to expire. This problem may occur if the user logs on to a Microsoft Windows 2000-based domain from a Windows XP Professional-based computer on which the user has previously logged on, and the user's password will expire in the specified expiry period.
User Accounts That You Create During Setup Are Administrator Account Types

After you install Windows XP, you have the option to create user accounts. If you create user accounts, by default, they will have an account type of Administrator with no password.
NTLM user authentication in Windows

This article discusses the following aspects of NTLM user authentication in Windows:
  • Password storage in the account database
  • User authentication by using the MSV1_0 authentication package
  • Pass-through authentication
The "Administrator Logon" Dialog Box May Be Hidden Under the Welcome Screen or "The System Could Not Log You on" Message May Be Displayed

The Administrator Logon dialog box may be hidden under the Welcome screen when the AutoAdminLogon feature is enabled and the user account is either deleted or missing.

Or

The Log On to Windows dialog box may be displayed with incorrect credentials after the Autologon feature had been unsuccessful, and you received the following error message:

The system could not log you on. Make sure your user name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.
How to access a network resource that requires username and password authentication when your user account requires a smart card for interactive logon

This article describes how to access a network resource where you must supply credentials when your user account is configured with the "Smart card is required for interactive logon" setting.
"Event ID: 7000" or "Event ID: 7013" Error Message When You Attempt to Start a Service

When a service does not start because of a logon failure, you may receive either of the following error messages in the system event log after you restart the computer (where ServiceName is the name of the service in question):

Source: Service Control Manager
Event ID: 7000
Description:
The ServiceName service failed to start due to the following error:
The service did not start due to a logon failure.

No Data will be available.


Or

Source: Service Control Manager
Event ID: 7013
Description:
Logon attempt with current password failed with the following error:
Logon failure: unknown user name or bad password.

No Data will be available.


When you attempt to manually start the service, you may receive the following error message:

Microsoft Management Console
Could not start the ServiceName service on Local Computer
Error 1069: The service did not start due to a logon failure.


Note: You may receive these error messages even though the user account is valid.
Cannot Use an MIT Kerberos Realm User's Cached Credentials to Log On to a Windows XP Client

When you try to use the cached credentials of a Massachusetts Institute of Technology (MIT) Kerberos Realm user to log on to a Windows XP Professional workstation, you may receive the following error message:

The system could not log you on. Make sure your user name and domain are correct, and then type your password again. Letters in passwords must be typed using the correct case.
Windows XP Skips "Welcome" Screen and Automatically Displays the Desktop After Upgrade from Windows 2000

After you upgrade a Microsoft Windows 2000-based computer, Windows XP Professional may start directly to the desktop without stopping at the Welcome screen or requiring you to type a username and password.

If you then create a new user account, you may not receive any option that allows you to log on by using the new account.
Computer stops responding after you upgrade from Windows 98 or Windows Me to Windows XP

After you upgrade a computer to Microsoft Windows XP from Microsoft Windows 98, Microsoft Windows 98 Second Edition, or Microsoft Windows Millennium Edition (Me), the computer may appear to stop responding (hang) right after you type a password and dismiss the password creation dialog box. Additionally, you may see only a blue background on the screen.

If you press ALT+TAB to switch between the Windows Logon screen and the Welcome To Windows screen, the screen may not change, depending on what screen you are switching.
Incorrect Warning Message When an Administrator Resets a Password

When an administrator tries to reset the password for a local user on a computer by using the Local Users and Groups snap-in, you receive the following incorrect message:

Any password reset disks the user has created will no longer work.

Note: This message is incorrect; the user can use password reset disks.
Credential manager cannot acquire log on credentials when you try to log on remotely to a Windows XP-based computer

After you complete the following procedure, you may be prompted to type a user password each time you try to log on to a remote computer:
  • You store user credentials in a Terminal server computer by using a third-party credential manager program.
  • You try to log on remotely to the Terminal server computer from a Windows XP-based computer by using the Windows XP Remote Desktop feature.
Your credential manager program may not be able to acquire the log on credentials for the user, and you may be prompted to type the user password each time you try to log on to the remote computer.
You Are Unable to Encrypt the User Name and Password to Join a Domain When You Use an Unattend File

When you create an Unattend.txt file to perform unattended installations of Windows XP, you do not have an option to encrypt the user name and user password to join a domain.

When you try to log on to a Windows NT 4.0 domain from a Windows XP-based computer, you may receive the following error message:

The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.

You can log on locally to your computer and map drives to the Windows NT 4.0 Server-based computer by using your user domain credentials, and you can log on to the domain by using the same user account from a Windows NT 4.0-based computer.
Error Message: "Windows Cannot Load the Locally Stored Profile"

When you log on to Windows XP, it may take longer than you expect. When you use CTRL-ALT-DELETE to log out, you may receive the following error message:

Windows cannot load the locally stored profile: Insufficient security rights or a corrupted local file. Windows has logged you in with a temporary profile any setting you make will not be saved.
Cached credentials security in Windows Server 2003, in Windows XP, and in Windows 2000

This article discusses cached credentials security in Microsoft Windows Server 2003, in Microsoft Windows XP, and in Microsoft Windows 2000. This article mostly discusses domain credentials. However, this article also discusses generic credentials for clarification.
Information about unlocking a workstation

This article describes the behaviours to expect when you attempt to unlock a locked workstation. Note: This behaviour only happens when you have Fast User Switching disabled. (When you join a Windows XP Professional computer to a domain, the Welcome Screen logon (and Fast User Switching) is disabled.)
A User Logon Request Is Rejected Without Any Messages

If the security log is full and a restricted user with no password attempts to log on from the Windows XP Welcome screen, the logon request is rejected without any error messages.
You cannot enter any characters in the "User name" box and the "Password" box in the Log On dialog box for Windows Server 2003 or for Windows XP Service Pack 2

You may find that you cannot type any characters in the User name box and the Password box in the Log On dialog box. This occurs on a computer that is running Microsoft Windows Server 2003, Windows Server 2003 with Service Pack 1 (SP1), or Windows XP Service Pack 2 (SP2). Because you cannot enter your credentials, you cannot log on to the computer. However, you may be able to log on to the computer after you restart the computer.
Can Log On Without Password by Using Guest Account After Upgrade from Windows 2000

When you upgrade your computer from Windows 2000 to Windows XP and the Guest account is enabled for local logon, the Guest option is available when you run the Out of Box Experience (OOBE). You are able to log on as a Guest without using a password.
Logging On with New Password Does Not Update Matching Stored User Names and Passwords Credentials

After you change a password on one computer and then log on to another computer, the matching credentials in Stored User Names and Passwords are not updated.
You cannot type your password in the "Welcome" logon screen in Windows XP

When you try to log on to a Windows XP-based computer from the Welcome logon screen, you cannot type your password. For example, when you click in the password box, and then you try to type the password, nothing happens. Asterisk characters do not appear in the password box, and the password is not acknowledged. Because of this problem, you cannot log on to the account by using password authentication. This problem may occur only occasionally.
FIX: The MSChapSrvChangePassword function may fail and may return an unexpected error code on a computer that is running Windows Server 2003 or Windows XP

When you call the MSChapSrvChangePassword function to change the password of a domain user account in the Active Directory directory service, the function may fail. When this problem occurs, the function may return an unexpected error code.

This problem occurs on a computer that is running Microsoft Windows Server 2003 or Microsoft Windows XP.
Denied Access to Encrypted Files After You Change Your Password

Under the following conditions, you may not be able to obtain access to your encrypted files:
  • You logged on to your computer in a workgroup or in a Microsoft Windows NT 4.0 domain.
  • You encrypted files on your local computer by using a local user account or a domain user account in the Microsoft Windows NT 4.0 domain.
  • You have changed your password.
  • You have logged on to your computer by using cached credentials when your computer is not on the network.
Security Event 529 is logged for local user accounts

Consider the following scenario. A Microsoft Windows XP Professional-based member computer is joined to a domain controller. In the domain controller, the audit policy is turned on for logon failures. When a local user on the member computer logs off, the following event is logged two times in the Security log in the domain controller:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: date
Time: time
User: NT AUTHORITY\SYSTEM
Computer: domain controller computer name
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: user name
Domain: client computer name
Logon Type: 3
Logon Process: KSecDD
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: client computer name

For more information, see Help and Support Center at
http://support.microsoft.com.


Consider the following scenario. A Microsoft Windows Server 2003-based member computer is joined to a domain controller. In the domain controller, the audit policy is turned on for logon failures. When a local user on the member computer logs off, the following event is logged in the Security log in the domain controller:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: date
Time: time
User: NT AUTHORITY\SYSTEM
Computer: domain controller computer name
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: user name
Domain: client computer name
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: client computer name

For more information, see Help and Support Center at
http://support.microsoft.com.

The "Welcome" Logon Screen Does Not Appear

On a Windows XP-based computer that is part of a workgroup and has the Fast User Switching feature enabled, the computer may start without displaying the "Welcome" logon screen.

The Guest account is not relevant when Windows determines if there is only one user without a password. If there is only one user registered on the computer, the "Welcome" logon screen is not displayed before the account is logged on. You can use the Fast User Switching feature to gain access to the Guest account.

Note that this behaviour occurs only if the user account is part of a workgroup (not a domain) and any of the following conditions exist:
  • No password is configured for the user account.
  • No other users are registered on the computer.
Error message when you try to remove a password from a compressed folder or add a password to a compressed folder on a Windows XP-based computer: "Compressed (Zipped) Folders Error"

You use a compressed (zipped) folder on a Microsoft Windows XP-based computer. When you try to remove a password from the compressed folder or add a password to the compressed folder, you receive the following error message:

Compressed (Zipped) Folders Error
Cannot create output file


The password is not successfully removed or successfully added for some files.
"Access is Denied" Error Message When You Try to Open a Folder

When you try to open a folder in Microsoft Windows XP, you may receive the following error message, where Folder is the name of the folder that you cannot open:

Folder is not accessible. Access is denied.

This issue may occur if the folder that you cannot open was created on an NTFS file system volume by a previous installation of Windows, and Windows XP was installed afterward. This issue may occur although you enter the correct user name and password. This issue occurs because the security ID for the user has changed. Although you use the same user name and password, your security ID no longer matches the security ID of the owner of the folder that you cannot open.
When you change the user password on a Microsoft Windows XP-based computer, you lose access to data

When you change the user password on a Microsoft Windows XP-based computer, you lose access to data.

This problem occurs if the Data Protection API (DPAPI) protects data when the domain-joined computer is offline.
CSNW Cannot Use Credential Management

Microsoft Client Services for Netware (CSNW) does not use stored credentials in Windows XP. CSNW cannot store or retrieve credentials by using the Data Protection API (formerly known as Protected Store).
You may be unable to correctly enter the password by using the touch screen in Windows XP Tablet PC Edition 2005

In Microsoft Windows XP Tablet PC Edition 2005, the dot that represents the first character of the password does not appear on the screen when you tap the software keyboard. Therefore, you may be unable to correctly enter the password by using the touch screen.

When you enter the second and successive characters of the password, dots are displayed to indicate that characters have been entered. However, because no dot is displayed to indicate that the first character has been entered, you may be unable to correctly enter the password.
Error message when you use user credentials to connect to a network share from a computer that is running Windows XP: "The network folder specified is currently mapped using a different user name and password"

Consider the following scenario:
  • You have a computer that is running Microsoft Windows XP.
  • There are two network shares on a remote server.
  • You use user credentials to connect to one of the network shares. Then, you try to use different user credentials to connect to the other network share.
In this scenario, you may receive the following error message:

The network folder specified is currently mapped using a different user name and password. To connect using a different user name and password, first disconnect any existing mappings to this network share.

If you click OK in response to this error message, you may receive the following error message:

Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
You Cannot Change Your Screen Saver Selection in Windows XP

The screen saver settings for a user or for a Group Policy object may not be applied. For example, you may experience one or more of the following symptoms after a domain administrator configures screen saver settings in Group Policy:
  • The screen saver may not be enabled after the specified screen saver timeout.
  • Users may not be able to change their screen savers.
  • Users are not prompted for a screen saver password even if the administrator configured the "Password protect the screen saver" policy setting to Enabled.
Scheduled tasks may not start if you used a System Preparation image to install Windows XP or Windows 2000

When you install a Microsoft Windows 2000-based disk image or a Microsoft Windows XP-based disk image that was created with the Microsoft System Preparation tool (Sysprep.exe), some scheduled tasks may not start as expected.

When you view the properties of a failed task, you may receive an error message similar to the following:

0x8004130f: No account information could be found in the Task Scheduler security database for the task indicated.
Trying to connect to a share via the "Run" command of the Explorer can lead to an account lockout.

If an account lockout policy is applied to a domain, and an account is present both in the domain and in the local SAM of a client of this domain with a different password, the account will be locked out if a user logs on to the local account of the client and tries to connect to a share of a server member of the domain via the "Run" command from the "Start" menu of the explorer.

This can also happen if the client is a member of another domain that has the same account with a different password and the user is logged on to that account.
An MIT Kerberos client tries to log on multiple times with the same key despite bad password errors that are returned to the Windows Server 2003 or Windows XP workstation

Consider the following scenario:
  • You try to log on to a Microsoft Windows Server 2003 or Microsoft Windows XP workstation as a trusted Massachusetts Institute of Technology (MIT) Kerberos realm user.
  • Your MIT Kerberos realm user account is mapped to a Windows account.
  • You enter the wrong password.
In this scenario, the Kerberos client ignores the KRB_AP_ERR_BAD_INTEGRITY return message, and then tries to log on three more times with the same credentials. If an account lockout policy is enabled in the MIT Kerberos realm, this causes four bad passwords to be counted for each bad logon on the client workstation.
Unsuccessful authentications are not counted as incorrect password logon attempts when you use the IADsOpenDSObject::OpenDSObject method to specify a UPN in a Windows Server 2003 domain

Consider the following scenario. You use a program that uses the IADsOpenDSObject::OpenDSObject method to specify a user principal name (UPN) for the user ID during logon. This user ID is specified during logon to a Microsoft Windows Server 2003 domain. However, if a user types the wrong password in this scenario, the number of unsuccessful logon attempts is not incremented by the authenticating domain controller, as indicated by the badPwdCount value.
You cannot access encrypted data when you log on to a domain-joined Windows XP-based client computer by using a new domain password

Consider the following scenario:
  • On a Microsoft Windows XP-based client computer, you run a program that uses the Data Protection API (DPAPI).
  • The Windows XP-based client computer is joined to a Microsoft Windows Server 2003-based domain.
  • You log on to the Windows XP-based client computer as a domain user, and you change the domain password.
  • After you log off the Windows XP-based client computer, you encrypt data by using the DPAPI-based program.
In this scenario, you cannot access the encrypted data when you log back on to the Windows XP-based client computer by using the new domain password.