XP Machine Account Password Changes
We have several hundred windows XP clients that are used in Lab and Classroom settings. These machines are protected by Compguard Cornerstone (a drive protection software). Within the last 6 months almost all of these machines began falling off the domain every 30 days. I did some reading and the drive protection software manufacturer recommends disabling Machine Account Password changes since the protection software would revert the machine to it's old password after a reboot - post password change.
After reading up on the Machine Account Password GPO settings, I placed a GPO in the OU in Active Directory which contains our protected machines. I adjusted the value of "Disable Machine Account Password Changes" to 'Enable' which should prevent the machine from future changes.
I logged into a number of these machines and the GPO was indeed being applied; however, yet again after 30 days, all the machines start to fall of the domain!
Am I missing something? Is there another step that I need to take to get these machines to stop changing there account passwords?
Any help would be much appreciated!!
Re: XP Machine Account Password Changes
Computer account passwords are utilized to set up secure channel communications among members and domain controllers within the domain, including domain controllers themselves. Once recognized, the secure channel is utilized to transmit perceptive information that is essential for making authentication and authorization. This adjustment should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual boot two installations that bind to the same domain, to the two installations different team names.
Re: XP Machine Account Password Changes
This is a really old post, but the solution to our problem was to apply the GPO preventing secure channel password changes before enabling the drive protection software.
If this wasn't done, the workstations would request password changes before the GPO was applied every time the PC was restarted.