System Account Password

From: Cav (Cav@hawaii.rr.com)
Date: 11/26/01


Message-Id: <4.2.0.58.20011125220930.00a61258@pop-server.hawaii.rr.com>
Date: Sun, 25 Nov 2001 22:09:54 -1000
To: FOCUS-MS@SECURITYFOCUS.COM
From: Cav <Cav@hawaii.rr.com>
Subject: System Account Password

Hi,

I administer a Windows NT4 domain and am having issues with remote dial-up
(VPN) users who travel. Occasionally, these users are going on travel and
are experiencing problems with their machine account passwords. They get
to the remote location and logon using dial-up networking and are getting
the following error message.

The system could not log you on to this domain because the system's
computer account in its primary domain is missing or the password on that
account is incorrect

The computer accounts do exist (they're added to the domain during the
standard laptop build), and so I believe these users are using their
laptops only after an extended period of non-usage, causing the machine
account passwords to be out of sync. Is this true or could it be something
else (it happens occasionally, but much less frequently to workstations on
the domain)? And the biggest question I have is how can I resolve this
issue while the user is on travel (i.e. remotely)? The users don't have
administrator access to their laptops, basically just user
access. Currently we're subjected to sending up a replacement hard drive
to the user...not a very convenient process. Any help would be appreciated.

-Steven T.