Possible security issue???

[Guest]

Whenever I have new computers or computers that need to be re-imaged when I'm
setting up an old employee's machine for a new one I have to use a corporate
ISO image. This image joins us to the corporate domain. The first thing I
have to do when I'm done with the image is join the computer to our domain.

I've been doing this for years without any problems, suddenly this is the
4th machine I've had difficulty with. When I go into my
computer|properties|computername and change the domain name, I then get
prompted for a username/password of a user with permissions to be able to
join the computer to the domain. I put in the DomainName\administrator
username/password, and there's a long pause. Then an error comes back saying
that "The specified server cannot perform the requested operation."

Oddly enough when I leave the username/password blank and hit enter it
successfully joins the machine to the domain. This concerns me because
something has changed and I fear it might be a security issue.

I'm not sure where to even start down this path, but like I said I've been
doing this for years and now suddenly I don't need to authenticate to join my
domain and that's very disturbing. Can someone help me figure out how to
troubleshoot something like this? I'm not sure I'm even going to the right
forum as it could be several different things. The machine in question is a
P4 windows XP SP2 machine.

 

[Steven L Umbach]

Hmm. Not really sure what is going on but I would make sure that auditing of
account management is enabled in Domain Controller Security Policy and then
you should be able to see in the security log who joined the computer to the
domain as that would be interesting to see what user it shows. If you leave
username/password blank after you tried with user name/password then maybe
for some reason the original username/password you used then worked.

Also check in Domain Controller Security policy the user right for add
workstations to the domain to see what users/groups are listed as it should
not show everyone, guest, or anonymous [highly unlikely but worth checking].
Typically it shows authenticated users unless changed from default settings.
Verify that the built in guest account in Active Directory Users and
Computers is disabled.

Steve

 

[Guest]

auditing of account management was not enabled, so I enabled it in the domain
policy. The only thing assigned to the add workstation to domain was the
authenticated users, so it accepting a blank username/password shouldn't have
allowed me to do it.

Hmm. Not really sure what is going on but I would make sure that auditing of
account management is enabled in Domain Controller Security Policy and then
you should be able to see in the security log who joined the computer to the
domain as that would be interesting to see what user it shows. If you leave
username/password blank after you tried with user name/password then maybe
for some reason the original username/password you used then worked.

Also check in Domain Controller Security policy the user right for add
workstations to the domain to see what users/groups are listed as it should
not show everyone, guest, or anonymous [highly unlikely but worth checking].
Typically it shows authenticated users unless changed from default settings.
Verify that the built in guest account in Active Directory Users and
Computers is disabled.

Steve

Whenever I have new computers or computers that need to be re-imaged when
I'm
setting up an old employee's machine for a new one I have to use a
corporate
ISO image. This image joins us to the corporate domain. The first thing
I
have to do when I'm done with the image is join the computer to our
domain.

I've been doing this for years without any problems, suddenly this is the
4th machine I've had difficulty with. When I go into my
computer|properties|computername and change the domain name, I then get
prompted for a username/password of a user with permissions to be able to
join the computer to the domain. I put in the DomainName\administrator
username/password, and there's a long pause. Then an error comes back
saying
that "The specified server cannot perform the requested operation."

Oddly enough when I leave the username/password blank and hit enter it
successfully joins the machine to the domain. This concerns me because
something has changed and I fear it might be a security issue.

I'm not sure where to even start down this path, but like I said I've been
doing this for years and now suddenly I don't need to authenticate to join
my
domain and that's very disturbing. Can someone help me figure out how to
troubleshoot something like this? I'm not sure I'm even going to the
right
forum as it could be several different things. The machine in question is
a
P4 windows XP SP2 machine.