|
Hey everyone… Happy New Year… I am doing some research to help establish some new standards for
provisioning Workstations in our AD domains. In the past, any Windows NT
workstation that was going to need to access domain resources was added to the
domain. This means machines that were on the corporate network, and home
machines. The problem we are having is that home machines are not being
maintained as well as the corporate machines, and the home machines don’t
connect into the corporate network very frequently. We are in the process
of consolidating several resource domains as well, and we are trying to decide
which accounts to move, and which ones not to move. When we move computer
accounts the process requires that the local user profiles get re ACLed, as
well as the local file systems. So the questions I have that I am looking for feed back on are as
follows. 1.
On average how long do you allow
computer accounts to stay deactivate in your domain, and what issues do you run
into when machines are disconnected longer than say the 60 days. (I think
I remember reading somewhere that secure channel passwords get reset every 30
days on machine accounts). If the passwords are out of sync when the
machine try to join the domain again, will they auto renegotiate a new secure
channel password even though the password is out of sync or does it always
require resetting the secure channel? 2.
Do you allow machines that are primarily
home machines connect in as domain resources, or do you use other means to
provide remote access to domain resources? If so what alternative means
do you provide remote access to resources? 3.
Finally, do you require machines
to go through a provisioning process when the computer account is created and
removed from the domain? If so, how do you manage the process. In
today’s domains, I would think it would be desirable with the need to
have certificates issued for EFS, etc. Thanks in Advance for any feedback you all offer. Todd |
- RE: [ActiveDir] Computer Accounts and request for c... Myrick, Todd (NIH/CIT)
