COMMAND

    net user

SYSTEMS AFFECTED

    WinNT

PROBLEM

    Frank Heyne found following.  Assuming, you have the following:

        - Windows NT domain
        - account policy which  requires users to change  the password
          after xx days
        - account  policy which  requires passwords  to be  at least z
          chars long
        - account  policy  which  allows  to change passwords  without
          beeing logged on
        - an account ABC which has an password older than xx days

    Now you can try the following:

        1. "net user ABC"
           This will show you the password must be changed during next
           logon
        2. Try to log on.
        3. When asked to change the password, take a new one which  is
           too short.
        4. Cancel the logon.
        5. "net user ABC"
           This  will  show  you  wrong  data  for password expiry and
           changes!  (It  assumes the password  has been changed  NOW,
           though we have still the old one.)
        6. wait 5 minutes
        7. "net user ABC"
           This will tell you the password was changed NOW (5  minutes
           later than in step 5!)

SOLUTION

    Nothing yet.