A. After a trust is established using a defined password it is changed automatically every seven days. If this password change is missed two cycles running then the trust is broken. This also applies to machines in a domain who have a secure channel with the domain controller and change their passwords every 7 days on NT 4.0 and for Windows 2000 every 30 days.
To disable the trust password changes perform the following change on the domain controllers/workstations:
- Start the registry editor (regedit.exe)
- Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- Double click on DisablePasswordChange
- Set to 1
- Click OK
- Close the registry editor
Another option to stop the computer account password changes is to refuse the change at the domain controller:
- Start the registry editor (regedit.exe)
- Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- From the Edit menu select New - DWORD value
- Enter a name of RefusePasswordChange
- Double click on the new value and set to 1
- Click OK
- Close the registry editor
