RDP Users are unable to change Passwords

A password is a string of characters used to verify the identity of a user during the authentication process. This guide will show you how to fix “RDP Users are unable to change Passwords”. Kindly refer to the following guides on how to perform these related tasks: How to create a desktop shortcut in Windows 10 to switch User Accounts: Fast user switching (Session Disconnection Utility), How to enable or disable Fast User Switching in Windows 10.

This session will discuss the “You must change your password before logging on the first time, please update your password” error.

Your password has expired and you have to log on to change your password, but you cannot log on until you’ve changed your password.

Issue 1: – Why you might be unable to change your password

Remote Desktop Users (RDS users) are unable to change their passwords upon first log-in or after password expiration, if their AD accounts have the “User must change password at next logon” option enabled as shown below.

You may want to uncheck this for remote users. To do this, see issue 2 below.

Please see how to disable or enable automatic login from the sign-in screen in Windows., and how to determine your AD user account or service account password. How to run an App as a different User and switch Users in Windows

Issue 2 – Reasons to change your password

Also when the Users cannot change the password on the account tab as shown below. This is because “User must change password at next logon” was selected in their AD account.

Please uncheck this for the RDS user. Please see how to Resolve Account restrictions are preventing this user from signing in: User Account Password has expired

Solution

We will need to launch Active Directory Users and Computers as shown below via the Server Manager.

Alternatively from the “Windows Search” or “Run” command and type dsa.msc, or from the Control Panel\System and Security\Administrative Tools and click on Active Directory Users and Computers

Locate the OU that has the user and right-click on the User Account. In order to resolve this issue for this specific RDP user, we will need to uncheck the “User” must change password at the next logon. In this way, the user will be able to connect to the remote device.

This will ensure that the account can be reset and not greyed out. Here is a fantastic piece on “Windows 10 and Windows 11 updates will now expire for better performance“.

Note: I do not recommend checking the option “Users cannot change password” or password never expires for security best practice! These settings are there just for a different purpose.

Note: You cannot select “User must change password at next logon” + “User cannot change password” at the same time. If you select, “User must change password at next logon”, you must uncheck “Password Never expires”. Else a warning sign will be prompted!

Please see How to change your Windows Computer login Password, how to Prevent the Saving of RDP Credentials in Windows 10. How to fix “DriveLock Error: The server could not be reached or validated: Timeout expired. The Time out expired prior to obtaining a connection from the pool“.

Select User must change password at next logon

Note: If you select user cannot change password. The option will be greyed out when resetting the password and this will mitigate the issue.

But I do not recommend selecting the option “Users cannot change password”. Your organization will have to define a policy for this.

Now, Remote Desktop Users should be able to log on to their devices without having to change their password, thereby resolving the issue associated with RDP Users being unable to change Passwords.

Here are some related guides that might be interesting to you. How to reset your lost or forgotten Windows 10 Password, and how to reset your built-in (Local) Administrator’s password in Windows 10.

I hope you found this blog post helpful on how to fix RDP Users who are unable to change Passwords. If you have any questions, please let me know in the comment session.