Changes between Version 7 and Version 8 of FAQ_nuggets


Ignore:
Timestamp:
May 18, 2011, 3:04:28 AM (14 years ago)
Author:
Fred T. Hamster
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • FAQ_nuggets

    v7 v8  
    1515== How to Keep Virtual Machines in a Windows Domain ==
    1616
    17 VMWare and HyperV virtual machines will often lose their membership in a Windows Domain (not to be confused with an Internet Domain) for a complex variety of reasons.
     17VMWare and HyperV virtual machines will often lose their membership in a Windows Domain (not to be confused with an Internet Domain) for a complex variety of reasons.  One of these reasons is the automatic password change procedure followed between the windows domain client and the domain server.  In this process, the domain client (your PC or VM) renegotiates a new secret password with the domain server, which they both "remember" for future interactions.
    1818
    19 There seems to be no outright cure except for carefully and regularly snapshotting the machine, and never reverting to a very old snapshot.  This is a fair amount of work, as one accumulates more vms, so it's not ideal and it's not even a total solution.
     19The hidden password in question is a shared secret between the domain server and your machine.  It is already protected as well as Windows can protect any password, and thus it seems relatively safe to stop updating this password for test machines that are continually reverted.
    2020
    21 However, one partial remedy to lost domain membership is to disable the automatic password change in Windows to reduce the chances of your VM being dropped from the domain.  This password is a shared secret password between the domain and your machine, and it seems relatively safe not to update it for test machines that are continually reverted.  This change is only needed on the client side, not on the domain controller.  The password change feature is disabled by adding a value in the registry key at:
     21And disabling the password changing process is an important partial remedy to the lost domain membership problem.  By disabling the automatic password change, the chances for your VM to be dropped from the domain are greatly reduced.
     22
     23This change is only needed on the client side, not on the domain controller.  The domain password change feature is disabled by adding a value in the registry key at:
    2224
    2325{{{
     
    3234reg add HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters /v DisablePasswordChange /t REG_DWORD /d 1 /f
    3335}}}
    34 
    35 
    36 
    37 
    38