Alright, so I messed up my dad's work computer, I needed to change the domain to a Workgroup, and when that happened, it disabled my Dad's account, and now I can't log in anymore, is there any way to get the domain to display again at logon? (running Windows 2000 Professional) I also cannot log into administrator as this is a company computer and they do not allow you to.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Changed Domain to Workgroup! Help!
- Thread starter Jago
- Start date
SJConsultant
2[H]4U
- Joined
- Jan 14, 2004
- Messages
- 3,599
No, you shouldn't have changed anything on a company computer in the first place.
Your dad will need to contact the tech support of his company to fix the problem.
Your dad will need to contact the tech support of his company to fix the problem.
You won't be able to log onto your dad's account until you rejoin it to that same domain. You can, however, use software to find out the password on an administrative account and log into Windows that way. You won't be able to rejoin it to the domain without having the company's network admin doing it.
www.loginrecovery.com is the only thing i can think of off the top of my head.
www.loginrecovery.com is the only thing i can think of off the top of my head.
Aslander said:
Don't do this on a work computer. As an IT manager, doing this would really piss me off. That would be on top of being annoyed that it had been removed from the domain.
Password recovery utilities like is the reason for enabling syskey by boot time password.
I've done that on my moms laptop before as well. I think had to resort to wiping the password and some other stuff, but the user accounts in general on the laptop were messed up for quite some time. The laptop was usable but had some problems connecting to specific parts at the work's network. The tech guy fixed it a few weeks later. For now I just don't bother myself with the settings.
I'd have to agree with da sponge, Considering your dad had his "kid" work on his corporate laptop, he has already pissed off his IT group/person. There's no reason why it would have needed to be in a workgroup. If it was meant to have access to a shared resource on your home network, then it doesn't need to be in a workgroup.
This is one of those issues where the computer account will need to be re-created. If I was you, I would start working on my apology to my dad. If I was your dad, I'd start working on my apology to the IT guys, and I'd send a note to my boss explaining why my PC was messed up. It's a corporate laptop, so in the future don't do anything to it. That's what corporate IT people are for.
This is one of those issues where the computer account will need to be re-created. If I was you, I would start working on my apology to my dad. If I was your dad, I'd start working on my apology to the IT guys, and I'd send a note to my boss explaining why my PC was messed up. It's a corporate laptop, so in the future don't do anything to it. That's what corporate IT people are for.
First off some of you are breaking the rules by giving him advice to circumvent the security on that laptop.
Secondly, and most importantly, this kid is in trouble because he was changing settings when he had no business doing so. So why on Earth would you recommend he uses a utility to change/reset/find the admin password?
I'm sure the kid isn't in much trouble ATM, but if he starts trying to bypass user accounts on the laptop he and his dad could get into hot water with the network admin. Or at least on his bad side, which is generally just as bad.
Secondly, and most importantly, this kid is in trouble because he was changing settings when he had no business doing so. So why on Earth would you recommend he uses a utility to change/reset/find the admin password?
I'm sure the kid isn't in much trouble ATM, but if he starts trying to bypass user accounts on the laptop he and his dad could get into hot water with the network admin. Or at least on his bad side, which is generally just as bad.
aslander said:
He had that part right. It will take about 1-5 mins to add the PC back into the domain and there won't be any problems for him logging into his domain account then.
Don't freak out too much. Like S1nF1xx said if you do anything else to it at THAT point THEN there's a much larger potential for problems.
Just blame the admin for not setting up the computer right. It shouldnt have been possible for anyone to remove the computer from the domain without the proper credentials. I've never had a problem with any of the users on my network removing their computer from the domain.
Not all companies restrict the local rights of a user. I know we allow local admin rights because a lot of the software various groups need require local admin rights. It certainly cuts down on the everyday calls of "can you do this for me, etc". Our user base is pretty good, so they can handle it. Some other companies I've worked for or dealt with, definitely should restrict access.Aslander said:
QwertyJuan
[H]F Junkie
- Joined
- Aug 17, 2000
- Messages
- 11,285
Phoenix86 said:
ditto...
QJ
To get back on topic:
My recommendation: owe up to the mistake, make a nice apoligy and forget about it.
ps.: beer helps IT people forgive
It will take >15 mins to fix the problem that you have created. Do yourself a favor and do not MAKE IT WORSE. If your dad is cool with the IT people (buying a beer after work may help here) it won't be an issue, but if you start try to circumvent admin passwords etc. you will be in more trouble, since most IT people do not like that kind of stuff.S1nF1xx said:
My recommendation: owe up to the mistake, make a nice apoligy and forget about it.
ps.: beer helps IT people forgive
Where are you people getting the 15 minute number?
It takes me all of 3 minutes, from power on, to rejoin a machine to the domain.
The real issue that the IT person might have is someone fucking around where they shouldn't be. That pisses me off to no end, cleaning up the messes my users make when they were doing something they shouldn't have.
Not that they have a great opportunity to do that, if you aren't me on the network, you have no rights on my network. You can log in, that's about it.
It takes me all of 3 minutes, from power on, to rejoin a machine to the domain.
The real issue that the IT person might have is someone fucking around where they shouldn't be. That pisses me off to no end, cleaning up the messes my users make when they were doing something they shouldn't have.
Not that they have a great opportunity to do that, if you aren't me on the network, you have no rights on my network. You can log in, that's about it.
I'm giving 15 minutes as well. When you have a global network with over 200,000 nodes and you do all domain related over a web app, it can at least that long. The OP never stated what the size of the company is, so don't assume it's some little company all in one tiny little building. Most of our offices don't even have a local IT presence, so that could even complicated matters like this.XOR != OR said:
True it could take that long... but lets cool down on the timeframe it will take to fix. He's been given the solution to his problem. Lets wait and see what he replies with what he ended up doing. Chances are he'll ghost the thread and never return.
Tehehe, I have had users ship their DESKTOP box to me to re-join the domain. I can be such a bastard sometimes.
They won't be making that mistake again...
No local IT=fucked in many cases. Yes there are alternate ways, but many IT shops are not comfortable with those options.
They won't be making that mistake again...
No local IT=fucked in many cases. Yes there are alternate ways, but many IT shops are not comfortable with those options.
XOR != OR said:Fair enough, my experience with windows domains are limited to a small number of systems.
Thankfully.
30K+ users here. Takes that 3 minutes you referenced. No reason to take 15 minutes to join a domain unless you have to wait 10 of them to talk about why the machine was un-joined before you boot it up.
I don't want to speak out of my scope here as I'm not much of a server guy, but the point is, the time entirely depends on the network.ktwebb said:
# of servers.
Speed of servers.
# of objects.
WAN speed.
etc.
I have worked on a 30k+ object domain that took 20 minutes for new objecs to show up across the domain.
So you setup a DC at every location. Replication can occur at timed intervals during the day or even setup for after hours replication if that's how you wanted to do it. Users authenticate locally.
I am not arguing the 15 minutes as a possibility. Just not necessary if you don't want it to be. And ok, if you have the fiscal resources. Servers are pretty cheap these days. For a company with remote sites I'd be setting up remote DC's
I am not arguing the 15 minutes as a possibility. Just not necessary if you don't want it to be. And ok, if you have the fiscal resources. Servers are pretty cheap these days. For a company with remote sites I'd be setting up remote DC's
Talk to some people about managing a global network, and you'll see why "just adding DCs" isn't a good idea to attack any problem. Maybe with a company that has 5 remote sites. Your thinking in a very small box like the one who said it only takes 3 minutes.ktwebb said:
That's still a small to medium network in my book. Read more about my posts and others as to how we do our domain admin work as well. Just because you're not familiar with a situation or an environment, doesn't mean it doesn't exist. Gotta love the closed-mindedness on here sometimes.ktwebb said:
djnes said:
Ok, so YOUR domain in YOUR instance takes a long time to add items to the domain. You're talking global. Do you, globally, allow users the ability to disjoin from the domain?
I'm going to guess no. If you do, and it takes 20 minutes each time something happens, you might want to go ahead and:
1) disable the ability for them to do that or
2) find a way to add something to the domain in less time
So, TYPICALLY, any computer that is allowed the ability to disjoin from a domain is not going to take 20+ minutes to rejoin.
Ok guys lets all put our "IT PENIS" back in our pants here.
This kid or guy needs to know waht to do and I think drizzt81 said ti best
I know I would forgive someone if they bought me a 12 pack of Killians Irish Red for messing up a domain a PC was on.
So if the kid or guy is underage, give dad 15 bux and tell hm what happened and to buy the IT guy beer with it. Problem solved.
This kid or guy needs to know waht to do and I think drizzt81 said ti best
I know I would forgive someone if they bought me a 12 pack of Killians Irish Red for messing up a domain a PC was on.
So if the kid or guy is underage, give dad 15 bux and tell hm what happened and to buy the IT guy beer with it. Problem solved.
Actually, we give each user local admin rights to their box, so yes, they can "disjoin" themselves from the domain. In a small to medium network, I'm sure it takes less time. However, our domain management isn't done directly on the server. That would be foolish and nearly impossible with the amount of support personal we have. We use a web application that is based on your user account to make such changes. We have varying levels of access and abilities, but it takes up to 15 minutes to replicate such changes out to the entire domain. I've created a computer account for myself and have had it active in a minute or two. But, depending on what's going on, network traffic, etc etc, it can take up to 15 minutes. Would you like to continue this debate as if you know everything about my companies network, or can you leave it the fact you don't know everything about every corporate network in the world, and you can only speak about your own experiences? As someone above me said, put your e-Penis away. Unless you work for the same ocmpany as me, you don't know what goes on there, and how we run things. I realize that this makes me come across as an ass, but I'm telling you how it is in our environment. I know of many other companies I've done outsourcing for that take even longer. Once such company, it often took 2 - 4 hours for a new domain account to be active after it was requested.ccarrigan said:
And kids: take it easy. If a person has physical access to a machine, the steps necessary to gain admin privs is not beyond the capabilities of most who post here.
Physical access == 0wnage
Who gives a damn if it takes 5, 10, 15, or however many minutes to put back right?
Physical access == 0wnage
Who gives a damn if it takes 5, 10, 15, or however many minutes to put back right?
djnes said:
As far as my e-Penis, I'll put mine away if you do the same
My comments were to show that while it may be a big deal to YOU, my comments took some general commonalities and concluded that when the IT department hears about this, it will not be a huge deal.
I wasn't whipping my e-Penis out at all. I'm an engaged man, which means I have to ask permission first before doing anything with my penis...E or not.ccarrigan said:As far as my e-Penis, I'll put mine away if you do the same
My comments were to show that while it may be a big deal to YOU, my comments took some general commonalities and concluded that when the IT department hears about this, it will not be a huge deal.
I was simply discussing different environments to show that your comments about the 3 minute domain rejoin don't apply everywhere. It was a blanket statement that needed some amendments. I've worked for little companies that are exactly as you describe, so don't think I am disagreeing with you. I am just pointing out that some environment aren't so quick and easy to make changes on. The OP never stated anything about his dad's IT group. They could be real dicks and give him a hard time. They could also be like most, and smile about it, make the fixes for him real quick, and then make fun of him behind his back like most of us do.