A. After a trust is established using a defined password it is changed automatically every seven days. If this password change is missed two cycles running then the trust is broken. This also applies to machines in a domain who have a secure channel with the domain controller and change their passwords every 7 days on NT 4.0 and for Windows 2000 every 30 days.

To disable the trust password changes perform the following change on the domain controllers/workstations:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  3. Double click on DisablePasswordChange
  4. Set to 1
  5. Click OK
  6. Close the registry editor

Another option to stop the computer account password changes is to refuse the change at the domain controller:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  3. From the Edit menu select New - DWORD value
  4. Enter a name of RefusePasswordChange
  5. Double click on the new value and set to 1
  6. Click OK
  7. Close the registry editor