Registry Tatooing

[Guest]

I have a Win XPProSP2 machine that was removed from a domain. Previous
domain settings included a GPO to install a couple of apps by assigning them
to the machine via .msi packages. A problem occurred on the server and I
erroneously reconfigured the computer configuration/software
settings/software installation portion of the GPO.

The apps no longer existed on the server but their application continued to
appear in the RSOP.msc-generated report (although with an error ! flag), both
before and after the target machine was disjoined from the domain.

My questions:
1) Is this behaviour what I have heard described as "tattooing" (of registry
settings)?
2) Where can I learn more about tattooing and what kinds of settings are
prone to this behaviour? (I scanned the registry after disjoinging the domain
and was surprised at how many domain-related keys/values remain)
3) How can I remove/reconfigure the settings in the registry (or
%systemroot%?) to permanently remove the existence of the apparent
GPO-applied software installation package, so that I get a clean and
representative RSOP report?

Many thanks for any guidance anyone can provide.

 

[Lanwench [MVP - Exchange]]

In

I have a Win XPProSP2 machine that was removed from a domain.
Previous domain settings included a GPO to install a couple of apps
by assigning them to the machine via .msi packages. A problem
occurred on the server and I erroneously reconfigured the computer
configuration/software settings/software installation portion of the
GPO.

The apps no longer existed on the server but their application
continued to appear in the RSOP.msc-generated report (although with
an error ! flag), both before and after the target machine was
disjoined from the domain.

My questions:
1) Is this behaviour what I have heard described as "tattooing" (of
registry settings)?

I'd never heard the phrase. Then again, I don't get out much. Just googled
for "registry tattooing" and found 137 hits (some of which refer to purebred
dogs).

2) Where can I learn more about tattooing

Hmmm. What did you find when *you* googled for "registry tattooing" ? ;-)

and what kinds of settings
are prone to this behaviour? (I scanned the registry after
disjoinging the domain and was surprised at how many domain-related
keys/values remain) 3) How can I remove/reconfigure the settings in
the registry (or %systemroot%?) to permanently remove the existence
of the apparent GPO-applied software installation package, so that I
get a clean and representative RSOP report?

Many thanks for any guidance anyone can provide.

Maybe http://www.gpoguy.com/FAQs/tattoo.htm will help.
or
http://www.security-forums.com/viewtopic.php?t=37229
or
http://redmondmag.com/columns/article.asp?editorialsid=1279

OT, but I would just shrug & flatten/reinstall the box, if it is not
to be used on the previous domain to which it belonged. You will likely
waste a lot of time chasing down the settings & restoring them to non-domain
defaults - so, unless this is a "voyage of discovery" as you are just
inquisitive by nature, I'd start over with a clean machine.

 

[Shenan Stanley]

I'd never heard the phrase. Then again, I don't get out much. Just
googled for "registry tattooing" and found 137 hits (some of which
refer to purebred dogs).

*grin*
The term is actually quite old and I stopped hearing about it as much when
Windows 2003 came about.
It is mentioned cursory in several MSKB articles and chats - mostly centered
around custom group policies that stay even after they have been changed
(either with GP or by removal of the client machine from the domain.)

Although they can be changed manually (in the registry) - in most cases, the
quickest and most assurable solution is "start over."

 

[Lanwench [MVP - Exchange]]

In

*grin*
The term is actually quite old and I stopped hearing about it as much
when Windows 2003 came about.

Crap, I hate learning new things. My brain is full!

It is mentioned cursory in several MSKB articles and chats - mostly
centered around custom group policies that stay even after they have
been changed (either with GP or by removal of the client machine from
the domain.)
Although they can be changed manually (in the registry) - in most
cases, the quickest and most assurable solution is "start over."

Ayuh, that's my recommendation as well.

 

[Guest]

By "starting over", would a Repair installation, as opposed to a clean
install, clear the registry of these apparent domain GPO vestiges?

Many thanks,
JCB

 

[Lanwench [MVP - Exchange]]

In

By "starting over", would a Repair installation, as opposed to a clean
install, clear the registry of these apparent domain GPO vestiges?

Many thanks,
JCB

It might, but it might not. I think it's likely going to be a big waste of
time. Just flatten/reinstall from scratch.

 

[Dave Patrick]

It wouldn't hurt (or take much time) to give this a go before blowing it
away.

http://support.microsoft.com/kb/313222

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| It might, but it might not. I think it's likely going to be a big waste of
| time. Just flatten/reinstall from scratch.

 

[Lanwench [MVP - Exchange]]

In

It wouldn't hurt (or take much time) to give this a go before blowing
it away.

http://support.microsoft.com/kb/313222

Nice - I'm adding that to my favorites. Thanks, Dave.