Hi,
in most Active Directory Enviroments the Certificate Enrollment is active which generates and enrolls a certificate for each client. This can be used for Radius authentication or as certificate for an IIS webserver.
Typically the client renews this certificate itself.
Continue reading Windows: Renew a machine certificate →
Hi,
for test purposes it could be necessary to backup a computer by an image tool, i.e. Acronis TrueImage, and after the test is completed or in situations of a failure reset the computer back to it’s initial state by restoring the image.
In domain environments this could be a problem, because each computer which is member of a Windows Active Directory Domain is negotiating a password with the domain and this password is changed after 7 Days. If your Image is older the domain member ship is broken and you have to rejoin.
The password change is initiated by the client and this behaviour could be prevented by setting a registry value. Set this value, make an image afterwards and you will be able to restore the image as often you want or need without to leave the domain.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000001
Set it by command line
reg ADD HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v DisablePasswordChange /t REG_DWORD /d 1 /f
Have a nice day
Michael
My Knowledgebase for things about Linux, Windows, VMware, Electronic and so on…