Win XP Pro Lockout After Using On Home LAN With Workgroup Name Same As NT Domain Name At Work
From: firstname.lastname@example.org Date: Wed, 02 Apr 2003 03:52:13 GMT
All users, including the Administrator could not log on to Office
Domain after I connected my notebook to my LAN at home (also running
When running Win 98 SE on old notebook I had two distinct profiles for
the two connections - Office LAN had static IP on router with NAT and
used "XXX" as the company's NT domain.
At home, I called my Workgroup by the same name ("XXX"), but the
profile (using Netswitcher) emplyed DHCP IP addresses.
File sharing in both cases was active, and used NETBEUI as the only
protocol with file & print sharing turned on (since it's a
non-routable protocol, it seemd like it was better security for the
file-sharing even behind the hardware firewall with NAT running at
Been running on my home machine under XP Pro set up this way for more
than a year. All I had to do each day was tell Netswitcher to boot
with the "Other" profile on shut-down, so I was easily taking files
back and forth to and from the office without a hitch.
My new, just-arrived notebook, together with new machines at the
office, are all XP Pro, and the Network IT guy has enabled DHCP on the
Cisco router for all of us, eliminating the static IP assignments.
He further agreed to leave file and printer sharing active on the
Office LAN, becasue they're behind a firewall with NAT active.
So, I take home my new notebook configrued this way, hook it up to my
home LAN (remember same Workgroup name as the office's domain name).
Distinction being that there is no separate profile on the notebook.
Thinking that nothing should go wrong, I click away the message that
no domain can be found (makes sense, as I'm not on the line through
the Cisco router which has the gateway addresses specified.
I get to browse the Internet through my broadband connection at home,
and it appears I can "see" the notebook from Network Neighbourhood,
and vice versa. Looks like I can easily work FROM the notebook Windows
Explorer to save from the LAN machines TO the notebook, or also use
the notebook to copy to a local machine. The other way seems to
require a password dialog box to go FROM a LAN machine TO the
But that's OK, I had a few "glitches" with other desktops at home when
first setting up the file sharing on the XP Pro machine.
The next day, the crap hit the fan, but not before the Network guy had
been messing around with the programs freshly installed and being
configured on the notebook.
Suddenly he claimed no log on was possible -- on my user account, on
his user account, as an administrator - Nothing worked!
Not only could he not log on to our company domain, he could not even
log on to the local machine -- with any account!
This was promptly blamed on my having connected to my home LAN, which
destroyed all the "Group Policies" because my Workgroup Name was the
same as our NT Domain name. He said this meant the machine was now set
to treat this name as a Workgroup and would not even try to go outside
to locate the NT Domain any more.
The machine was screwed up, and would need to be blown away, and
reloaded from scratch, and I was in deep doo-doo for what appeared to
be the innocent step of trying to browse with it at home, hoping to
continue my long practice of working in both places and file-sharing
through the LANs to take stuff home, work on it, and bring it back to
the office (and the LAN there).
He went out to lunch, and by some mysterious means, the machine was
functional by the time he returned. Local rights as Administrator were
now possible, and he proceeded with the loading and configuring that
he'd planned to do.
He said he had to "UNJOIN" what was maybe the workgroup, destroy and
recreate some user accounts, and then he got logged on to the Domain.
Strangely though, after installing (again )IBM Client Access software
to talk to our A/S 400, things went screwy!
We could no longer get to our company's web page from IE browser,
unless my user name was given full Administrator privileges. Downgrade
to power userr and neither Client Access nor the company web page
would function. Restore Administrator and back they both came. Worked
with his Administrator account as well!
Un-installed and reinstalled Client Access twice more, with the same
effects after doing each step. Then he loaded Client Access, and
didn't even run it, and the same problem.
Neither non-working function should rely on security settings he
thought, but when asked, I suggested helook into boot-up programs and
the registry as suspects for activating something that wrecks it
BEFORE the program (Client Access) is ever executed. Nothing he could
detect to account for this puzzling issue.
Solution was to remove the IBM Client Access software -- alternate for
leaving me as an Administrator seemed very improbable!
Anyone who can comment on the negative effects found when an NT Domain
Name matches a subsequent connection to a Workgroup with the identical
With DHCP active on the routers at both ends, and file sharing turned
on, how could this wreck all the User accounts for both the Domain as
weall as for the Local Machine, when not hooked up to any network?
I would welcome any informed comment or opinion, as the stated effects
of what I may have done seem out of proportion to the severe effects
on the functioning of the network.
Surely people have setups that allow other Domains or Workgroups to
coexist with the main office Domain?
Since I am barred from connecting this ever to my home LAN, the
interest may be academic, but I'm still convinced that the IBM Client
Access software was not installed right, or configured properly, and
that this blew away the user settings and made the machine
inaccessible, even to an Administrator.
The later problems eeem to bear out that something with Client Access
is not right, even though the desktops on the same network are running
Thanks for sticking with me through the long-winded elaboration of my