Computer Passwords

From: "Mike" <reply@xxxxxxxxxxx>
Date: Thu, 14 Sep 2006 23:32:41 +1000

We use Symantec Ghost to image machines. When I restore an computer image
who's account password has changed (since the image was taken) (i.e the
image has an old computer account password) the domain lets the account log
on once. If they log off and attempt to log on again they are challenged
with your computer account is disabled.. etc.

How do I prevent them logging on even once? Shouldn't AD know if you're
attempting to log on using a machines who's computer account password is
incorrect? i.e doesn't it defeat the whole purpose of having computer
accounts (since they can log on even if the computer account password is
incorrect). I'm using a Win2K model. Computer account password are set to
the default of 30 day rotation. Security model is Send Lm & NTLM - Use NTLM2
if negotiated

.

Prev by Date: Re: move enterprise root ca
Next by Date: Re: Group Policies
Previous by thread: terminal service connection
Next by thread: Re: Computer Passwords
Index(es):
- Date
- Thread

Relevant Pages

Re: Computer Account Changes
... Derek Da Silva wrote: ... VM from a couple of months back I run into domain controller unavailable messages because the computer account password has changed. ...
(microsoft.public.windows.group_policy)
Re: Computer Account Password Options
... The computer account password is a system generated password which you have ... prevent it's resetting and that's about it. ... If it makes any difference, the clients are primarily Windows XP SP2, ...
(microsoft.public.windows.server.active_directory)