RE: [NTSysADM] Win 7 workstations losing trust

[Kennedy, Jim]

I was rather shocked to see such a policy even existed.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, October 2, 2014 11:23 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Win 7 workstations losing trust

I sure hope that PVS machine accounts are always held in a separate OU and that 
the GP is targeted to only that OU…

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Thursday, October 2, 2014 9:43 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Win 7 workstations losing trust

That happens with PVS when the group policy to not do machine password changes 
is not set.

Verify the Group Policy Object (GPO) in the Organization Unit (OU) where the 
target device is located for the policy Disable machine account password 
changes to be enabled. This provides Provisioning Services (PVS)  control over 
the target Active Directory machine account.

Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, October 02, 2014 9:39 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Win 7 workstations losing trust

PVS images sometimes lose their trust relationship because the AD machine 
account password has expired and it therefore can't contact the domain any 
more. That's the only time I tend to see it occurring regularly, although there 
may be many other reasons I am unaware of.

On 2 October 2014 10:55, David McSpadden 
<dav...@imcu.com<mailto:dav...@imcu.com>> wrote:
Why does this happen?
I get them rejoined but why do they lose their trust relationship in the first 
place?

Sent from my iPhone
This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.

Please consider the environment before printing this email.



--
James Rankin
---------------------
RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization 
Practice Analyst - Desktop Virtualization
http://appsensebigot.blogspot.co.uk