Password change with the write filter – Wyse Technology TM 9000 Series User Manual
Page 54
42
Note
A Terminal Services Client Access License (TSCAL) is always preserved
regardless of Write Filter state (enabled or disabled).
If you want to have other registry settings preserved regardless of Write Filter
state, contact support for help at
.
For procedures on manipulating the Write Filter, refer to:
• “Password Change with the Write Filter”
• “Write Filter Command Line Control” on page 44
• “Write Filter Enable and Write Filter Disable Desktop Icons” on page 45
• “Write Filter Control Dialog Box” on page 46
Password Change with the Write Filter
On Microsoft Windows NT-based computers and on Microsoft Windows 2000 or
2003-based computers, machine account passwords are regularly changed with the
domain controller for security purposes. By default, on Windows NT-based computers, the
machine account password automatically changes every seven days. On Windows 2000
or 2003-based computers, the machine account password automatically changes every
30 days. The same is applicable for Winterm
TM
9000 Series Thin Clients if they are a
member of a domain.
With the Write Filter enabled, a Thin Client will successfully make this change with the
domain controller. Because the Write Filter is enabled, however, the next time the Thin
Client is booted it will not retain the new password. In such cases, you can use the
following options:
• Disable the machine account password change on a Winterm
TM
9000 Series Thin
Client by setting the
DisablePasswordChange
registry entry to a value of 1.
• Disable the machine account password change in Windows NT 4.0 or in Windows
2000 or 2003, by setting the
RefusePasswordChange
registry entry to a value of 1
on all domain controllers in the domain instead of on all workstations. Winterm
TM
9000
Series Thin Clients will still attempt to change their passwords every 30 days, but the
change will be rejected by the server.
Note
On Windows NT 4.0 domain controllers, you must change the
RefusePasswordChange
registry entry to a value of 1 on all Backup
Domain Controllers (BDCs) in the domain before you make the change on
the Primary Domain Controller (PDC). Failure to follow this order will cause
event ID 5722 to be logged in the event log of the PDC.
If you set the
RefusePasswordChange
registry entry in the Windows 2000
or 2003 Domain Controller to a value of 1, the replication traffic will stop, but
not the Thin Client traffic. If you also set the
DisablePasswordChange
registry entry to a value of 1 in the Thin Client, both Thin Client and
replication traffic will stop.