You log on to the domain on a workstation that is running Windows Vista.
Your password is expired.
You lock the workstation and then try to unlock it.
In this scenario, you cannot unlock the workstation. You receive the following error message:
The password for this account has expired. To change the password, click Cancel, click Switch User and then log on.
Additionally, the Switch User button is unavailable.
This problem may occur if ForceUnlockLogon is enabled on your computer and if either of the following conditions is true:
Your password has expired.
Your account has the User must change password at next logon setting enabled.
This problem may also occur if ForceUnlockLogon is not enabled, but the computer determines that it has to contact the domain controller to unlock the workstation because it was locked or on standby for an extended time.
To work around this problem, use one of the following methods:
Log on to another workstation, change your password, and then use the new password to unlock your computer.
Have an administrator unlock your computer.
Note When you have an administrator unlock your computer, your session on your computer is forcibly logged off, and any unsaved work may be lost.
If ForceUnlockLogon is not enabled, and the computer is running Windows Vista, click Start, click Switch User, and then log on as the same user. (You will be prompted to change your password.)
The ForceUnlockLogon registry entry was introduced in Microsoft Windows NT4.0 Service Pack 4 (SP4) to make sure that an unlock request was sanctioned by a domain controller, and that account lockout was observed. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
188700 Screensaver password works even if account is locked out
These articles discuss Windows XP and Windows NT4.0 however the information also applies to Windows 2000. In Windows NT4.0, the new option can also cause a user account to be locked out prematurely, as incorrect unlock attempts were sent to the domain controller two times.
In Windows 2000, the message that appears for incorrect password entry and eventual account lockout was originally incorrect. See the following article on the post-SP2 hotfix that corrected this problem:
286778 Wrong message appears when the workstation is unlocked with an invalid password
The ForceUnlockLogon registry entry forces the workstation to log on, or authenticate at every unlock attempt instead of using a stored hash of the user's password. For more information about unlocking a workstation, click the following article number to view the article in the Microsoft Knowledge Base:
Microsoft Windows XP Professional, Microsoft Windows 2000 Professional Edition, Microsoft Windows NT Workstation 4.0 Developer Edition, Windows Server 2008 Datacenter without Hyper-V, Windows Server 2008 Enterprise without Hyper-V, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Standard without Hyper-V, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 Standard, Windows Web Server 2008, Windows Vista Business, Windows Vista Enterprise, Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Starter, Windows Vista Ultimate