If you attempt to add a local account to the privilege service and see the “Unable to update account password” error, the most likely cause is the Minimum password age policy you have configured. It is common for organizations to set the Minimum password age policy to 1 day. If you create a new local account for testing, then attempt to add the account and have its password managed by the privilege service, the service cannot update the password when the password does not yet meet the Minimum password age requirement.
To check the Minimum password age policy:
- Open Administrative Tools and select Group Policy Management.
- Select the Default Domain Policy, right-click, then select Edit.
- Expand Computer Configuration > Windows Settings > Security Settings > Account Policies, then select Password Policy.
- Check the Minimum password age setting.
If this policy is defined, you can either wait more than one day before adding the account to the privilege service with its password managed, or disable the policy while testing with newly created local accounts on computers joined to the domain. The issue doesn’t exist on computers that are not joined to the domain where the policy is set, or for local accounts whose password age exceeds the Minimum password age.
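To confirm the cause on the affected computer itself, the following PowerShell reads the effective Minimum password age and compares it with the age of the local account's password. It is an added example, not part of the original page or the privilege service; the function name `Get-PasswordAgeStatus` and the account name `svc-test` are placeholders, and it assumes an elevated Windows PowerShell 5.1 or later session.

```powershell
# Added example. Run in an elevated PowerShell session on the computer
# that hosts the local account.
function Get-PasswordAgeStatus {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$AccountName)

    # Export the effective security policy (domain-applied settings included)
    # to a temporary INI-style file and read MinimumPasswordAge (in days).
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'secedit export failed; is the session elevated?' }
        $m = Get-Content $cfg |
             Select-String -Pattern '^\s*MinimumPasswordAge\s*=\s*(\d+)' |
             Select-Object -First 1
        if (-not $m) { throw 'MinimumPasswordAge not found in the exported policy.' }
        $minAgeDays = [int]$m.Matches[0].Groups[1].Value
    }
    finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }

    $user    = Get-LocalUser -Name $AccountName -ErrorAction Stop
    $lastSet = $user.PasswordLastSet      # $null if no timestamp is recorded

    # With a policy of N days, the password can be changed once it is N days old.
    $earliest  = $null
    $canChange = $null                    # stays $null (unknown) without a timestamp
    if ($minAgeDays -eq 0) {
        $canChange = $true                # policy not enforced
    } elseif ($lastSet) {
        $earliest  = $lastSet.AddDays($minAgeDays)
        $canChange = (Get-Date) -ge $earliest
    }

    [pscustomobject]@{
        Account               = $user.Name
        MinimumPasswordAge    = $minAgeDays
        PasswordLastSet       = $lastSet
        EarliestChangeTime    = $earliest
        PasswordChangeAllowed = $canChange
    }
}

Get-PasswordAgeStatus -AccountName 'svc-test'   # placeholder account name
```

If `PasswordChangeAllowed` is `False`, `EarliestChangeTime` shows when the account can be added with a managed password without changing the policy.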