Logon problems/password reassignment

[Isaiah]

i'm trying to troubleshoot an issue in a lab setting. we
are running software that clears each local machine of
any changes upon reboot(i.e.files saved/edited/deleted,
settings changed, viruses downloaded, etc.), so when
passwords are reassigned and the client machines are
rebooted they are unable to logon to the active directory
domain.
Questions:
1. is an object being written on the client side?
2. if so, is it possible to change the location to
another partition and how?
3. is there anyway of setting the exact time for password
reassignment and how?
4. is it possible to disable "random" password
reassignment and how?

Any feedback would be greatly appreciated, as this has
cause huge problems (60 machines all at once that cannot
logon to the domain.

Thanks.

 

[Mike Aubert]

Hi Isaiah,

Each Windows NT/2000/XP/2003 (not Windows 9x) workstation uses a secure
channel to communicate with the domain. On Windows 2000 and newer systems
the password used to establish the secure channel is changed every 30 days
by default. You can disable the changing of machine passwords, but of course
this is *not* recommended for security reasons. Here is a MS Knowledge Base
article that has the details:

http://support.microsoft.com/default.aspx?scid=154501

You can also prevent workstations from changing their passwords in Windows
2000 by using Group Policy. The policy is called Prevent system maintenance
of computer account password and is located in Computer Configuration >
Windows Settings > Security Settings > Local Policies > Security Options.

Mike

------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.