Resetting your Fermi Windows Domain Password

From your Computer
From the main Windows XP or Windows 7 screen, press Ctrl + Alt + Delete to bring up the Windows Security dialog box. Select Change Password... to bring up the Change Password dialog box.

Windows XP: Choose from the pop-up list or type in the domain or system for which you want to change your password. The one to which you are currently logged on is displayed. You must first enter your old password, then the new password must be entered twice, for confirmation. Click OK to complete the change.

Windows 7: The interface is slightly different. Pressing Ctrl + Alt + Delete brings up the following screen:

Select Change a password

Enter the required information to change your password. If you are trying to change your password for a different domain enter DOMAIN\Username in the top text box.

Local Support
If you have problems reseting your password contact the Computing Division Service Desk at ext 2345 or http://servicedesk.fnal.gov.

From a machine in the Fermi domain
Log on to any PC that is a member of the Fermi Windows domain and is either onsite or using a lab VPN connection. You will be prompted to change your password.

Windows XP or Windows 7 Desktop/Laptop
You must have a .FNAL.GOV address for the following to work. Obtaining an ip address via DHCP while on the Fermilab site or by establishing a VPN connection to FNAL will give you a .FNAL.GOV address.

VPN account information can be found at: http://computing.fnal.gov/vpn/

• Press Ctrl+Alt+Del to open the Windows Security dialog box.
• Select Change Password.
• Enter your username and domain in the User name text box in this format: username@fermi.win.fnal.gov (Windows 7 users - there is a help link on this screen)
• The Logon to text box should be greyed out.
• Enter your old password in the Old Password text box.
• Enter your new password in the New Password text box.
• Re-enter the new password in the Confirm New Password text box.
• Click OK.

• Bring up the Control Panel (Start -> Settings -> Control Panel)
• Double click on "User Accounts"
• Click on "Change the way users log on or off
• Clear the box next to "Use the Welcome Screen"
• Click on "Apply Options"
• Follow the instructions above to change your password (Ctrl-Alt-Delete etc)
• Change the "Use the Welcome Screen" option back if you wish.

From a non-Windows system
Passwords can also be changed from properly configured non-Windows systems (Linux, Mac, Unix) with the command:

kpasswd username@FERMI.WIN.FNAL.GOV

Local Support
Contact your Fermi Domain Support Person. If you are not sure who your support person is, you can contact the Computing Division Service Desk at ext 2345 or http://servicedesk.fnal.gov.

• Does not contain your name or username.
• Contains at least ten characters.
• Contains characters from each of the following three groups:
  • Uppercase and/or lowercase letters
  • Numerals (0 through 9)
  • Symbols (characters that are not defined as letters or numerals, such as !, @, #, and so on)
• Is very hard for a person or program to guess

• Your Kerberos password must be known only to you.
• Make sure that you do not write it down anywhere that someone could find it.
• Do not put it in a file (encrypted or not).
• As a usual practice, type it only at the console of a system on which you authenticate.
• Only on very rare occasions, when you have no other choice, may you pass it over a network connection. The connection MUST BE ENCRYPTED. Verify that ALL connections in the chain are encrypted.
• Choose a character string different from your Kerberos password for all other passwords and other objects. (The one exception: your passwords for the FNAL.GOV and FERMI.WIN.FNAL.GOV realms can be the same.)
• If you mistakenly type your Kerberos password over the network on an unencrypted channel, please change your password immediately!