PVS handles the “sysprep” stuff in the streaming of the image and maintains the machine account password in its SQL database.
Webster From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Thursday, October 02, 2014 11:59 AM To: [email protected] Subject: RE: [NTSysADM] Win 7 workstations losing trust Oh, it certainly has its place. For example, you pre-stage 150 Win8.1 laptops for offline domain join using Direct Access. In that case, you also need to pre-stage the machine password (djoin.exe does that for you and stores it – encrypted – in the load file). PVS may do something similar. Web is the expert. ☺ From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Thursday, October 2, 2014 11:24 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Win 7 workstations losing trust I was rather shocked to see such a policy even existed. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Thursday, October 2, 2014 11:23 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Win 7 workstations losing trust I sure hope that PVS machine accounts are always held in a separate OU and that the GP is targeted to only that OU… From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Webster Sent: Thursday, October 2, 2014 9:43 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Win 7 workstations losing trust That happens with PVS when the group policy to not do machine password changes is not set. Verify the Group Policy Object (GPO) in the Organization Unit (OU) where the target device is located for the policy Disable machine account password changes to be enabled. This provides Provisioning Services (PVS) control over the target Active Directory machine account. Webster From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of James Rankin Sent: Thursday, October 02, 2014 9:39 AM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] Win 7 workstations losing trust PVS images sometimes lose their trust relationship because the AD machine account password has expired and it therefore can't contact the domain any more. That's the only time I tend to see it occurring regularly, although there may be many other reasons I am unaware of. On 2 October 2014 10:55, David McSpadden <[email protected]<mailto:[email protected]>> wrote: Why does this happen? I get them rejoined but why do they lose their trust relationship in the first place? Sent from my iPhone This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. -- James Rankin --------------------- RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization Practice Analyst - Desktop Virtualization http://appsensebigot.blogspot.co.uk
