On Windows, there is an obscure security policy that prohibits changing one's password for the first time through Remote Desktop. Normally, one can type CTRL-ALT-DEL to bring up a menu that, among other things, allows a password change. When logged in remotely using RDP, the key chord is CTRL-ALT-END. However, Windows can detect this situation, and if the very first password change is attempted after using CTRL-ALT-END then it will be rejected as "access denied". There is a work-around, though:
- Bring up the onscreen keyboard (OSK.EXE).
- Type CTRL-ALT using the regular keyboard.
- Press DEL on the onscreen keyboard.
- The password change function will now operate normally (i.e. no "access denied").
This is helpful on virtual machines where remote access is the only possibility. The purpose of this strange security policy remains unclear.