I really screwed up this time!

R. P.

At home I was trying to configure the company laptop to work with my old
home desktop PC as part of the same work group. Originally the laptop
was set up to a company domain and the workgroup field under the
Computer Name tab was empty. The laptop uses Win XP professional, my
desktop uses XP Home Edition. I figured that if I switched the laptop
from the domain name assignment to workgroup assignment by toggling the
workgroup radio button instead of the domain name button and writing the
same workgroup name for the laptop, I could accomplish that and later I
could still toggle back the radio button to go back to what it was: a
domain name PC.
Unfortunately, after this change and reboot, the laptop no longer
accepted my old User Name and Password and now I have no idea how to
bring the laptop back and restore it to what it was before I made my
stupid decision. BTW, I do have administrative privileges to this
laptop.

Please, if anybody can help me with this before I go back to work with
the laptop, I would really appreciate it.

Thanks,
Rudy
 
Malke

R. P. said:
At home I was trying to configure the company laptop to work with my
old home desktop PC as part of the same work group. Originally the
laptop was set up to a company domain and the workgroup field under
the
Computer Name tab was empty. The laptop uses Win XP professional, my
desktop uses XP Home Edition. I figured that if I switched the laptop
from the domain name assignment to workgroup assignment by toggling
the workgroup radio button instead of the domain name button and
writing the same workgroup name for the laptop, I could accomplish
that and later I could still toggle back the radio button to go back
to what it was: a domain name PC.
Unfortunately, after this change and reboot, the laptop no longer
accepted my old User Name and Password and now I have no idea how to
bring the laptop back and restore it to what it was before I made my
stupid decision. BTW, I do have administrative privileges to this
laptop.

Please, if anybody can help me with this before I go back to work with
the laptop, I would really appreciate it.

I'm very sorry, but you will have to take the laptop to your work's IT
Dept. with your hat in your hand and have them rejoin it to the domain.
There is absolutely no way around this. You messed up and now you must
be brave and humble. Hateful, but really that's the only way.

For the future, here's how to use your domain-enabled laptop on your
home network without destroying the domain settings.

Credit to MVP Lanwench:
Once you've logged in using your domain account (using cached
credentials), and have an IP address on the home network, you can map
drives, use printers, whatnot, very easily - one way, in a command
line:

net use x: \\computername\sharename /user:computername\username <enter>

MS KB article about the Net Use command - http://tinyurl.com/3bpnj

Malke
 
Shenan Stanley

R. P. said:
At home I was trying to configure the company laptop to work with my
old home desktop PC as part of the same work group. Originally the
laptop was set up to a company domain and the workgroup field under
the Computer Name tab was empty. The laptop uses Win XP
professional, my desktop uses XP Home Edition. I figured that if I
switched the laptop from the domain name assignment to workgroup
assignment by toggling the workgroup radio button instead of the
domain name button and writing the same workgroup name for the
laptop, I could accomplish that and later I could still toggle back
the radio button to go back to what it was: a domain name PC.
Unfortunately, after this change and reboot, the laptop no longer
accepted my old User Name and Password and now I have no idea how to
bring the laptop back and restore it to what it was before I made my
stupid decision. BTW, I do have administrative privileges to this
laptop.

Please, if anybody can help me with this before I go back to work with
the laptop, I would really appreciate it.

You will have to face the music - take the laptop back to work and allow
them to fix what you did.

Not that it matters really - but..
DO you have administrative privileges as a local user to this laptop or DID
you have administrative privileges through a domain account?

You tried to do something you did not understand without asking for help.
If you had asked, they may have told you to just map the drives/resources
you need manually - that you do not need to be a member of the home
workgroup (or if it had been your personal laptop - a member of their
domain) to access the resources that workgroup/domain offered. Sure - the
pretty GUI interface may not be there for you, but a simple command
line/script could map just about whatever you need.
 
R. P.

Shenan Stanley said:
You will have to face the music - take the laptop back to work and
allow them to fix what you did.

Not that it matters really - but..
DO you have administrative privileges as a local user to this laptop
or DID you have administrative privileges through a domain account?

You tried to do something you did not understand without asking for
help. If you had asked, they may have told you to just map the
drives/resources you need manually - that you do not need to be a
member of the home workgroup (or if it had been your personal laptop -
a member of their domain) to access the resources that
workgroup/domain offered. Sure - the pretty GUI interface may not be
there for you, but a simple command line/script could map just about
whatever you need.

Well, this experience sure has humbled me and I would be the first one to
call myself stupid for it. My administrative privilege is local to this
laptop only and what caused the false confidence in me was those radio
buttons that seemed to suggest that you could simply switch between the
workgroup mode to domain assignment by just toggling those buttons. It
never crossed my mind that I could also lose my User Name and Password
by such a switch.

I'm still curious though how my IT guys could log into my PC and
reassign it to that domain. Is there some kind of superuser name and
password that allows them to get into the system no matter what?

Rudy
 
Shenan Stanley

R. P. said:
Well, this experience sure has humbled me and I would be the first one
to call myself stupid for it. My administrative privilege is local to
this laptop only and what caused the false confidence in me was those
radio buttons that seemed to suggest that you could simply switch
between the workgroup mode to domain assignment by just toggling
those buttons. It never crossed my mind that I could also lose my
User Name and Password by such a switch.

I'm still curious though how my IT guys could log into my PC and
reassign it to that domain. Is there some kind of superuser name and
password that allows them to get into the system no matter what?

To be honest - you may be able to join this computer back to the domain
yourself with your username/password.

You could try it - if you like - but be warned - the number of times you
would likely be able to do this would be highly limited if it even exists.
You would need to know the Fully Qualified Domain Name (to be safe) and your
username/password in the domain..

In other words:

FQDN: domainname.com
Username: DOMAINNAME\Username

And your password..

You'd need to be on their network/have access to their network at the time
you join the domain.
 
R. P.

Shenan Stanley said:
To be honest - you may be able to join this computer back to the
domain yourself with your username/password.

You could try it - if you like - but be warned - the number of times
you would likely be able to do this would be highly limited if it even
exists. You would need to know the Fully Qualified Domain Name (to be
safe) and your username/password in the domain..

In other words:

FQDN: domainname.com
Username: DOMAINNAME\Username

And your password..

You'd need to be on their network/have access to their network at the
time you join the domain.

Hm ...
My fully qualified domain has many parts and follows this pattern:

workstationname.region.nos.company.com

You mean I would have to enter all this and append \Username to all
this? Will that fit in the login field for Username?

Thanks,
Rudy
 
Shenan Stanley

R. P. said:
Hm ...
My fully qualified domain has many parts and follows this pattern:

workstationname.region.nos.company.com

You mean I would have to enter all this and append \Username to all
this? Will that fit in the login field for Username?

When you change the "radio button" to Domain from workgroup, you should
enter the FQDN (excluding the workstation name) in the domain field.. i.e.:
region.nos.company.com (However - if your DNS is setup correctly on your
laptop, whatever you saw when logging in would be fine.. For example, if in
the DOMAIN field in the logon box you saw "REGION", then you could enter that
in the DOMAIN field when leaving the workgroup for the domain.)

When it asks for the username, your username should be the DOMAIN name
backslash your username: REGION\Username.
(Since you are not a member of the domain yet - you need to tell the
authenticating system you are logging in as the DOMAIN user and not the
local user of that computer - although it may work out either way for you.)

On top of all that - you must be logged into the laptop as a local
administrator.
 
R. P.

Shenan Stanley said:
When you change the "radio button" to Domain from workgroup, you
should enter the FQDN (excluding the workstation name) in the domain
field.. i.e.: region.nos.company.com (However - if your DNS is setup
correctly on your laptop, whatever you saw when logging in would be
fine.. For example, if in the DOMAIN field in the logon box you saw
"REGION", then you could enter that in the DOMAIN field when leaving
the workgroup for the domain.)

When it asks for the username, your username should be the DOMAIN name
backslash your username: REGION\Username.
(Since you are not a member of the domain yet - you need to tell the
authenticating system you are logging in as the DOMAIN user and not
the local user of that computer - although it may work out either way
for you.)

On top of all that - you must be logged into the laptop as a local
administrator.

Well, my company's PC Support guys fixed the problem today. Apparently
each PC has a special Administrator account and password that allows
them to log into it even if users like me screw things up. Next I'm
going to try out Malke's suggestion to map my printer attached to the
desktop PC's LPT1 port to the laptop. Frankly, I've never seen this "net
use" command before because our company printers were all on the network
with their own IP addresses.

Thanks for all the tips you guys gave me. Thanks to you, these MS news
groups are an invaluable resource.

Rudy
 
R. P.

Malke said:
Once you've logged in using your domain account (using cached
credentials), and have an IP address on the home network, you can map
drives, use printers, whatnot, very easily - one way, in a command
line:

net use x: \\computername\sharename /user:computername\username <enter>

MS KB article about the Net Use command - http://tinyurl.com/3bpnj

Well, I tried this but when I am logged into my domain account (through
VPN) I can't even ping my desktop PC to which the printer is attached. I
can ping it though when I am not in my domain account (the VPN tunnel is
out) but the net use command still would give me the following result:
--------------------------------------
net use * \\MAINPC\LaserPrtr
The password is invalid for \\MAINPC\LaserPrtr
Enter the user name for 'MAINPC' : Boss
Enter the password for MAINPC:
System error 66 has occured.

The network resource type is not correct.
---------------------------------------

I might add that prior to the above command I did make the printer
attached to my desktop PC (MAINPC) shareable with the printer under the
LaserPrtr share name.
This is really frustrating and I am not even a computer illiterate
person. I just use Unix more than Windows and I don't have time to
research and read long tutorials on how to connect printers to computers
on the local network. Something like this used to be much more intuitive
in WinME, without all this "net use" stuff.

Rudy
 
Lanwench [MVP - Exchange]

R. P. said:
Well, I tried this but when I am logged into my domain account
(through VPN) I can't even ping my desktop PC to which the printer is
attached.

They probably disable all non-VPN traffic when the tunnel is established
('use remote gateway') which is a very good idea from a security standpoint.
I do the same.

R. P. said:
I can ping it though when I am not in my domain account
(the VPN tunnel is out)

Right.

R. P. said:
but the net use command still would give me
the following result:
--------------------------------------
net use * \\MAINPC\LaserPrtr
The password is invalid for \\MAINPC\LaserPrtr
Enter the user name for 'MAINPC' : Boss
Enter the password for MAINPC:
System error 66 has occured.

The network resource type is not correct.

Why the asterisk? Normally, with Windows network printing, you connect
directly to the shared printer. If you want to spoof it into using an LPT
port, you'd use

net use lpt1: \\computer\printershare

anyway.

R. P. said:
---------------------------------------

I might add that prior to the above command I did make the printer
attached to my desktop PC (MAINPC) shareable with the printer under
the LaserPrtr share name.
This is really frustrating and I am not even a computer illiterate
person. I just use Unix more than Windows and I don't have time to
research and read long tutorials on how to connect printers to
computers on the local network. Something like this used to be much
more intuitive in WinME, without all this "net use" stuff.

Rudy

The issue isn't really a technical one, at bottom, I'm afraid. Can you
locally attach your printer to your laptop temporarily so you can print
while using VPN?
 
Lanwench [MVP - Exchange]

R. P. said:
Well, my company's PC Support guys fixed the problem today. Apparently
each PC has a special Administrator account and password that allows
them to log into it even if users like me screw things up.

There's a built-in administrator account and password in NT based operating
systems. Most IT folks don't like to grant end-users admin rights over their
computers because it's so easy for mistakes like this to happen. You aren't
the first, and you surely won't be the last, to do this. However, you are
unlikely to do this again yourself, I imagine! :)

R. P. said:
Next I'm
going to try out Malke's suggestion to map my printer attached to the
desktop PC's LPT1 port to the laptop.

Probably not necessary anyway - add a printer, choose network type, browse
to the computer to which it's attached, and select the printer. No need to
use LPT ports.

R. P. said:
Frankly, I've never seen this
"net use" command before because our company printers were all on the
network with their own IP addresses.

No matter how you're trying to use your home network's printer, you'll
likely still have the same problem printing to it, because of the VPN....if
my surmisal (that's a word, right??) is correct, they're blocking all
traffic except that which goes from your laptop to the company network when
the tunnel is enabled. This keeps creepy crawlies from getting into your
perhaps unsecured home network, and into theirs. Hence my suggestion to
connect the printer directly when needed.

R. P. said:
Thanks for all the tips you guys gave me. Thanks to you, these MS news
groups are an invaluable resource.

Rudy

They sure are.
 
R. P.

Lanwench said:
They probably disable all non-VPN traffic when the tunnel is
established ('use remote gateway') which is a very good idea from a
security standpoint. I do the same.

Yes, that's what I was thinking, too.

Lanwench said:
Why the asterisk? Normally, with Windows network printing, you connect
directly to the shared printer. If you want to spoof it into using an
LPT port, you'd use

The "net use" command description indicated that asterisk was an
alternate method and it lets the system assign the next device name.

Lanwench said:
net use lpt1: \\computer\printershare
anyway.

OK, I will, but it just occurred to me that I would probably have to
install the driver for my Samsung laser printer on the laptop, too,
before I could use it as a remote printer, no? The fact that the driver
is installed on my desktop PC to which the printer is attached does not
substitute for installing it on the laptop as well, I think. Or am I
wrong?

Lanwench said:
The issue isn't really a technical one, at bottom, I'm afraid. Can you
locally attach your printer to your laptop temporarily so you can
print while using VPN?

I have not tried it but that, for sure, would require the printer driver
installation first. I'm kinda' hesitating installing non-authorized
software on my company laptop, so I might have to clear it with the IT
Dept. first.

Rudy
 
R. P.

Lanwench said:
There's a built-in administrator account and password in NT based
operating systems. Most IT folks don't like to grant end-users admin
rights over their computers because it's so easy for mistakes like
this to happen. You aren't the first, and you surely won't be the
last, to do this. However, you are unlikely to do this again yourself,
I imagine! :)

How did you guess?

Lanwench said:
Probably not necessary anyway - add a printer, choose network type,
browse to the computer to which it's attached, and select the printer.
No need to use LPT ports.

The problem was that even when I did not have the VPN tunnel up, I could
not see my other PC among the networked computers. That's strange after
being able to ping it. Do I need to make all the drive partitions
shareable on the other PC for that? I only made the main data drive
shareable and that is not the one on which the OS was installed.

Lanwench said:
No matter how you're trying to use your home network's printer, you'll
likely still have the same problem printing to it, because of the
VPN....if my surmisal (that's a word, right??) is correct, they're
blocking all traffic except that which goes from your laptop to the
company network when the tunnel is enabled. This keeps creepy crawlies
from getting into your perhaps unsecured home network, and into
theirs. Hence my suggestion to connect the printer directly when
needed.

Well, I would be happy if I could just print when the VPN is down.

Rudy
 
Lanwench [MVP - Exchange]

R. P. said:
How did you guess?

I'm sharp like a tack. ;-)

R. P. said:
The problem was that even when I did not have the VPN tunnel up, I
could not see my other PC among the networked computers. That's
strange after being able to ping it. Do I need to make all the drive
partitions shareable on the other PC for that? I only made the main
data drive shareable and that is not the one on which the OS was
installed.

Browsing requires that all your PCs be broadcasting their names on the
network - is NetBIOS over TCP/IP enabled? Don't worry about browsing. You
probably don't need it. You can use \\server\share when you need to connect
to something - or \\ipaddress\share.

R. P. said:
Well, I would be happy if I could just print when the VPN is down.

Sure. See if my advice (re \\ ) helps.
 
Lanwench [MVP - Exchange]

R. P. said:
Yes, that's what I was thinking, too.


The "net use" command description indicated that asterisk was an
alternate method and it lets the system assign the next device name.

For a drive letter, yes. But you're trying to use an LPT port, so you'd have
to specify it manually.

R. P. said:
OK, I will, but it just occurred to me that I would probably have to
install the driver for my Samsung laser printer on the laptop, too,
before I could use it as a remote printer, no? The fact that the
driver is installed on my desktop PC to which the printer is attached
does not substitute for installing it on the laptop as well, I think.
Or am I wrong?

It ought to install the driver to your computer automagically when you
connect to it if you don't re-map it to an LPT port, but add it as a network
printer. Provided the OS on the computer that shares the printer is the same
or newer than the OS on the laptop.

R. P. said:
I have not tried it but that, for sure, would require the printer
driver installation first. I'm kinda' hesitating installing
non-authorized software on my company laptop, so I might have to
clear it with the IT Dept. first.

You are wise, my friend.
Also wise: buy a box of Krispy Kremes for your IT people. It's good to suck
up to them. ;-)
 
R. P.

Lanwench said:
Browsing requires that all your PCs be broadcasting their names on the
network - is NetBIOS over TCP/IP enabled? Don't worry about browsing.
You probably don't need it. You can use \\server\share when you need
to connect to something - or \\ipaddress\share.

The radio button that is set is "Default", which uses the NetBIOS setting
from the DHCP server.
I'm afraid to change it and screw up something again in case this
setting is required for proper working on the company network.

BTW, I tried that "net use" command with the LPT1: device name as you
suggested, but I got this error message:
System error 1202 has occured.
The local device name has a remembered connection to another network
resource.

What does this really mean, anyway?

Then I tried the "net use" command with LPT2: and that was successful
after I entered my user name and password that I use on the desktop PC.

After this I tried the "Add Printer" icon and guess what? My Samsung
ML-1430 printer was successfully added to the list of printers and I
already made my first print without any need to install the printer
driver on the laptop. Whoa! But this is without tunneling into the
company network. Now I'll need to find out if I can do this also with
the VPN on.

As they say: "I'll keep you posted ..."

Thanks for the patient hand holding,
Rudy

PS: Now where can I send you your share of Krispy Kremes? ;-)
 
R. P.

Lanwench said:
No matter how you're trying to use your home network's printer, you'll
likely still have the same problem printing to it, because of the
VPN....if my surmisal (that's a word, right??) is correct, they're
blocking all traffic except that which goes from your laptop to the
company network when the tunnel is enabled. This keeps creepy crawlies
from getting into your perhaps unsecured home network, and into
theirs. Hence my suggestion to connect the printer directly when
needed.

Good news on this front, too! As it turned out there was another type
of tunnel into my company's network: a split tunnel that leaves the
local LAN traffic out of the VPN. Setting this up allows me to access my
printer with the tunnel up or down as long as I do the "net use" command
first.

So thanks again for staying with me through all this,
Rudy
 
