beautypg.com

Password change with the write filter – Wyse Technology TM 9000 Series User Manual

Page 54

background image

42

Note

A Terminal Services Client Access License (TSCAL) is always preserved
regardless of Write Filter state (enabled or disabled).
If you want to have other registry settings preserved regardless of Write Filter
state, contact support for help at

http://www.wyse.com

.

For procedures on manipulating the Write Filter, refer to:
“Password Change with the Write Filter”
“Write Filter Command Line Control” on page 44
“Write Filter Enable and Write Filter Disable Desktop Icons” on page 45
“Write Filter Control Dialog Box” on page 46

Password Change with the Write Filter

On Microsoft Windows NT-based computers and on Microsoft Windows 2000 or
2003-based computers, machine account passwords are regularly changed with the
domain controller for security purposes. By default, on Windows NT-based computers, the
machine account password automatically changes every seven days. On Windows 2000
or 2003-based computers, the machine account password automatically changes every
30 days. The same is applicable for Winterm

TM

9000 Series Thin Clients if they are a

member of a domain.

With the Write Filter enabled, a Thin Client will successfully make this change with the
domain controller. Because the Write Filter is enabled, however, the next time the Thin
Client is booted it will not retain the new password. In such cases, you can use the
following options:
• Disable the machine account password change on a Winterm

TM

9000 Series Thin

Client by setting the

DisablePasswordChange

registry entry to a value of 1.

• Disable the machine account password change in Windows NT 4.0 or in Windows

2000 or 2003, by setting the

RefusePasswordChange

registry entry to a value of 1

on all domain controllers in the domain instead of on all workstations. Winterm

TM

9000

Series Thin Clients will still attempt to change their passwords every 30 days, but the
change will be rejected by the server.

Note

On Windows NT 4.0 domain controllers, you must change the

RefusePasswordChange

registry entry to a value of 1 on all Backup

Domain Controllers (BDCs) in the domain before you make the change on
the Primary Domain Controller (PDC). Failure to follow this order will cause
event ID 5722 to be logged in the event log of the PDC.
If you set the

RefusePasswordChange

registry entry in the Windows 2000

or 2003 Domain Controller to a value of 1, the replication traffic will stop, but
not the Thin Client traffic. If you also set the

DisablePasswordChange

registry entry to a value of 1 in the Thin Client, both Thin Client and
replication traffic will stop.