Re: Computer account and group policy
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Thu, 31 Aug 2006 13:54:13 -0700
I think you have this diagnosed incorrectly.
Computer accounts do not expire.
More likely you did not sysprep or otherwise guarantee that
multiple copies of the same image had unique machine SIDs
before starting to use them, joining them, etc..
In that case, once pwd is changed a couple of times and another
tries to start up after a long time with an out-of-date password for
the SID, you have your problem.
Your best solution would be to prep your images, such as
with NewSID from www.sysinternals.com, or otherwise.
Preventing machine account password change is only masking
your issue, like bandaid on deep cut but forgetting the stiches.
"Haim Beyhan" <haimb@xxxxxxxxxx> wrote in message
news:OIc3%23pQzGHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
I have some test machines that contain ghost images for different operating
systems. Each of these images has a different machine name and is part of
the AD domain. There are situations that we do not load these images too
often and then when we load after 2-3 months, we see that the computer
cannot connect to domain.
I know that it's related to computer account password that it's expired.
We have a group policy that disables the machine account password changes
for those ghost images. I'm not sure if those images already got that
policy or not. But it looks that some of them got and some of them not.
Any suggestions ?
Do I have to use group policy for that or do I need to do changes in local
security of each machine and save the image again after reconnecting them
to domain ?
Thanks,
Haim Beyhan
.
- Prev by Date: Re: Simple Yes or No question:
- Next by Date: Re: Simple Yes or No question:
- Previous by thread: Re: Simple Yes or No question:
- Next by thread: Re: Computer account and group policy
- Index(es):
