Re: Prevent Users from removing XP Workstation from Win2K Domain
From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 09/18/04
- Next message: Patrick: "Log on failure"
- Previous message: Dave Patrick: "Re: How to change Dual Boot to Single Boot?"
- In reply to: Madhur Ahuja: "Re: Prevent Users from removing XP Workstation from Win2K Domain"
- Next in thread: Bob Qin [MSFT]: "RE: Prevent Users from removing XP Workstation from Win2K Domain"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 19 Sep 2004 01:30:38 +0200
Madhur Ahuja wrote:
> MR-KEN wrote:
>
>> When a user removed an XP machine from a domain, they are
>> prompted for a username and password. I thought this was
>> a great feature, assuming that only a member of the Domain
>> could remove the computer. This isn't the case. You can
>> even enter a false user account and it will still remove
>> itself from the Domain.
>
> This is not true. how can a user with false credentials remove
> a computer from the domain.
Hi
Actually, it is true. You don't even have to enter a user name at
all in the authentication box that pops up, it is good enough to
just press the OK button (you may need to do it a couple of times
if the dialog box repeat itself).
The authentication is only used for trying to disable the computer
account entry in AD, and not for the actual local unjoining from
the domain.
-- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx
- Next message: Patrick: "Log on failure"
- Previous message: Dave Patrick: "Re: How to change Dual Boot to Single Boot?"
- In reply to: Madhur Ahuja: "Re: Prevent Users from removing XP Workstation from Win2K Domain"
- Next in thread: Bob Qin [MSFT]: "RE: Prevent Users from removing XP Workstation from Win2K Domain"
- Messages sorted by: [ date ] [ thread ]
