RE: [NTSysADM] Win 7 workstations losing trust

[Kennedy, Jim]

We don't have any malware here actually.

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Susan Bradley
Sent: Thursday, October 2, 2014 11:49 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Win 7 workstations losing trust

Malware can be a factor.

Susan Bradley
http://blogs.msmvps.com/bradley

On 10/2/2014 8:34 AM, Kennedy, Jim wrote:
>
> It’s a mystery I have never solved. We see 2 or 3 a month out of 3000. 
> These are not machines that are sitting idle, they are in use a lot.
>
> *From:*listsad...@lists.myitforum.com 
> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *David McSpadden
> *Sent:* Thursday, October 2, 2014 11:30 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] Win 7 workstations losing trust
>
> Still unsure why my DC where not updating the machine accounts like 
> they should.
>
> I fired them, dcpromo /forceremoval.
>
> Powered off.
>
> Everything I am reading is just telling me how to get my shit back in 
> the Domain nothing about the cause of the disjoin other than it 
> couldn’t get a ticket from the KDC.  (Why doesn’t it ask the next DC 
> in the queue?)
>
> I am still having users call and state their workstation is losing a 
> Trust Relationship.
>
> Rebooting 4-5 times seems to ‘fix’ it but what is really broken??
>
> *From:*listsad...@lists.myitforum.com 
> <mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *Kennedy, Jim
> *Sent:* Thursday, October 02, 2014 11:24 AM
> *To:* ntsysadm@lists.myitforum.com <mailto:ntsysadm@lists.myitforum.com>
> *Subject:* RE: [NTSysADM] Win 7 workstations losing trust
>
> I was rather shocked to see such a policy even existed.
>
> *From:*listsad...@lists.myitforum.com 
> <mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *Michael B. Smith
> *Sent:* Thursday, October 2, 2014 11:23 AM
> *To:* ntsysadm@lists.myitforum.com <mailto:ntsysadm@lists.myitforum.com>
> *Subject:* RE: [NTSysADM] Win 7 workstations losing trust
>
> I sure hope that PVS machine accounts are always held in a separate OU 
> and that the GP is targeted to only that OU…
>
> *From:*listsad...@lists.myitforum.com 
> <mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *Webster
> *Sent:* Thursday, October 2, 2014 9:43 AM
> *To:* ntsysadm@lists.myitforum.com <mailto:ntsysadm@lists.myitforum.com>
> *Subject:* RE: [NTSysADM] Win 7 workstations losing trust
>
> That happens with PVS when the group policy to not do machine password 
> changes is not set.
>
> Verify the Group Policy Object (GPO) in the Organization Unit (OU) 
> where the target device is located for the policy *Disable machine 
> account password changes *to be *enabled*. This provides Provisioning 
> Services (PVS)  control over the target Active Directory machine account.
>
> Webster
>
> *From:*listsad...@lists.myitforum.com 
> <mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *James Rankin
> *Sent:* Thursday, October 02, 2014 9:39 AM
> *To:* ntsysadm@lists.myitforum.com <mailto:ntsysadm@lists.myitforum.com>
> *Subject:* Re: [NTSysADM] Win 7 workstations losing trust
>
> PVS images sometimes lose their trust relationship because the AD 
> machine account password has expired and it therefore can't contact 
> the domain any more. That's the only time I tend to see it occurring 
> regularly, although there may be many other reasons I am unaware of.
>
> On 2 October 2014 10:55, David McSpadden <dav...@imcu.com 
> <mailto:dav...@imcu.com>> wrote:
>
> Why does this happen?
> I get them rejoined but why do they lose their trust relationship in 
> the first place?
>
> Sent from my iPhone
> This e-mail and any files transmitted with it are property of Indiana 
> Members Credit Union, are confidential, and are intended solely for 
> the use of the individual or entity to whom this e-mail is addressed. 
> If you are not one of the named recipient(s) or otherwise have reason 
> to believe that you have received this message in error, please notify 
> the sender and delete this message immediately from your computer. Any 
> other use, retention, dissemination, forwarding, printing, or copying 
> of this email is strictly prohibited.
>
> Please consider the environment before printing this email.
>
>
>
>
> -- 
>
> *James Rankin*
> ---------------------
> RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The 
> Virtualization Practice Analyst - Desktop Virtualization
> http://appsensebigot.blogspot.co.uk
>
> This e-mail and any files transmitted with it are property of Indiana 
> Members Credit Union, are confidential, and are intended solely for 
> the use of the individual or entity to whom this e-mail is addressed. 
> If you are not one of the named recipient(s) or otherwise have reason 
> to believe that you have received this message in error, please notify 
> the sender and delete this message immediately from your computer. Any 
> other use, retention, dissemination, forwarding, printing, or copying 
> of this email is strictly prohibited.
>
> Please consider the environment before printing this email.
>