If you are having issues updating or changing a device's password remotely while connected over Privatise to the Domain Controller. Please try the following:

1. When entering credentials, add “ComputerName\” (without the quotes) before the account name and see if that solves the issue.

2. If the above does not work, try the following steps on the remote server:

1. disable NLA (Network level Authenticator)
2. Registry editor (Win R) regedit.exe browse to:
 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp 
 Find Securitylayer Change the default value to 0
3. last but not least. "Local Security Policy" under      local policies\security options browse till you find "Network Access: Restrict clients Allowed to make remote calls to SAM
select "Edit security"
Administrators is there as default.. but not defined!.... my user accounts that remote in to this server are admins so i leave "Administrators" in "group or user names" as default. Remote access 
is set to allow then click "OK"
The "Security descriptor" should then populate upon clicking ok if a user is added correctly.
Select ok to close window you can close all windows. The user should then be able to change their password without any issues.

Edit the username as "Computername\username" (without the quotes)

3. If neither of the above steps work, please remove the computer from AD and add the computer back again to the Domain.

  • cant-change-dc-password-remotely.txt
  • Last modified: 2021/08/10 06:09
  • by rafi