This is by design. There is a work around in the article, though I have not tested this or don't know the full implications of the registry mod. CAUSE The client is not logged on to the domain that the password is changed in, or to a trusted domain. Therefore, the client cannot establish a remote procedure call (RPC) connection to the Local Security Authority (LSA) to change the password. Client unable to change Windows NT or Windows 2000 password http://support.microsoft.com/kb/236111/ James Chong (MVP) MCSE | M+, S+, MCTS, Security+ msexchangetips.blogspot.com ________________________________ From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of John Knijn Sent: Friday, June 08, 2007 4:20 AM To: exchangelist@xxxxxxxxxxxxx Subject: [ExchangeList] reset password Good morning, I am trying to let people from elsewhere (not in the domain but via a secure tunnel connected to our network) who are working with Outlook and Exchange 2003 server to change their password by setting the flag "user must change password at next logon", an error-message appears "Your Windows password could not be changed. To change your password, you must log on to your organization's network or contact your system administrator". How can I let people change their own network-password when they are not logged on to the domain? Thanks. John