Announcement

Collapse
No announcement yet.

Manage a computer in Active Directory

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Manage a computer in Active Directory

    Hi,

    I have a user who keep disabling a service (I think) or does regedit mods on his PC to disable the ability to allow his PC to be managed through AD.

    I thought at first his PC lost sync with the DC (or GC) so last night I removed the PC from the domain, renamed it and reset the account in AD, then deleted it from the AD.

    I then proceeded to re-add it to the domain. It was fine until now. I don't know if it's the user or there might be other issues with the Global Catalog.

    I've had this problem before and the above proceedure never fails and works everytime, except with this PC/User.

    It can't be a windows firewall because it is all pushed by GPO. I made sure the computer is in the right OU and pushed the GPUPDATE remotely using Specops.

    Could it be the Workstation Service is disabled manually? This would have other effects though (File shares , Printing) . No?

    Info: Traget Workstation is XP Pro SP3 and I have 2 DC on the network.
    Last edited by shades; 28th May 2009, 17:43.

  • #2
    Re: Manage a computer in Active Directory

    Sounds like a problem with the remote machine rather than AD. Check if the computer browser and server services on the remote host are set to automatic.

    Comment


    • #3
      Re: Manage a computer in Active Directory

      Is this user an administrator? Bumping him down to a regular user would solve a lot of these issues or at least rule him/her out as the culprit. Have you checked the PC's event log to see if any funny errors are there?
      Wesley David
      LinkedIn | Careers 2.0
      -------------------------------
      Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
      Vendor Neutral Certifications: CWNA
      Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
      Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

      Comment


      • #4
        Re: Manage a computer in Active Directory

        Originally posted by Nonapeptide View Post
        Is this user an administrator? Bumping him down to a regular user would solve a lot of these issues or at least rule him/her out as the culprit. Have you checked the PC's event log to see if any funny errors are there?
        Yep, probably the easiest remedy to fix this issue with a tinkerer.

        You could also use GPO's to block access to the MMC consoles and certain executables.

        Comment


        • #5
          Re: Manage a computer in Active Directory

          Originally posted by wullieb1 View Post
          You could also use GPO's to block access to ... certain executables.
          Like explorer.exe?
          Wesley David
          LinkedIn | Careers 2.0
          -------------------------------
          Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
          Vendor Neutral Certifications: CWNA
          Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
          Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

          Comment


          • #6
            Re: Manage a computer in Active Directory

            Originally posted by Nonapeptide View Post
            Like explorer.exe?
            Wouldn't that be fun

            Comment


            • #7
              Re: Manage a computer in Active Directory

              I finally got physical access to the user's workstation. It turned out to be the "Computer Browser" service had been disabled. I re-enabled the service and restarted the Workstation service and this has fixed the issue.

              Scurlaruntings was right!

              Thanks to all!

              I will defenitely look in to blocking the MMC console
              Last edited by shades; 1st June 2009, 22:45.

              Comment


              • #8
                Re: Manage a computer in Active Directory

                Remove the user from the local administrators group.

                Comment


                • #9
                  Re: Manage a computer in Active Directory

                  Originally posted by scurlaruntings View Post
                  Remove the user from the local administrators group.
                  with a big stick!
                  This message represents the official view of the voices in my head

                  Comment

                  Working...
                  X