Link to home
Start Free TrialLog in
Avatar of LB1234
LB1234

asked on

Increase time before non-connecting pc is removed from Active Directory and needs account reset

We have a remote office which users infrequently travel to, and sometimes they're unable to log into the PC because it hasn't been logged in, in a long while we.  We have to add the pc to  a workgroup, then join the domain, then reboot.  We want to increase the length of time before this takes place, reducing the support issues related to this.  Please advise.  Thank you.
Avatar of TimMurp
TimMurp

This is the best article you could ever read on secure channels in domains.

http://blogs.technet.com/b/askds/archive/2009/02/15/test2.aspx

Big things to remember is the computer must have current Domain controller registered. So if they have changed it might need a second reboot.
ASKER CERTIFIED SOLUTION
Avatar of sjepson
sjepson
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of LB1234

ASKER

Steve, this seems to be an article about computer password account age.  I'm concerned with the period of time between which a pc does not in to the domain, and then can no longer log in when that threshold is exceeded, without resetting the account or re-joining the PC to the domain.
Avatar of LB1234

ASKER

I've requested that this question be deleted for the following reason:

no relevant suggestions or suggestions didn't solve problem.
The standard setting is 30 days...and you are talking about the same thing. The computer password is different from a user password. It is what allows the machine to connect to the domain.
No objection from me. If LB1234 chooses not to take on board our responses then that's up to him/her.

Steve
On our domain i have two different OU's for this..
One which is our Desktops which don't move and another for the laptops which travel.
The laptop policy is configured to allow the laptops to not need to log into the domain at startup.
The desktop policy is set to wait for the DC to log in.

The password policy is something you can also do, which is mentioned above.

Our travelers are not out for long enough for the password policy for them to matter.

Another method you can use, depends on your firewall and there access, but Cisco (Anyconnect) allows you to connect via script before log-on which if you use this, you can use the cached profile settings for log-on when they are not in the office and not online, but you can also use the original password policy, and keep security tight..