LB1234
asked on
Increase time before non-connecting pc is removed from Active Directory and needs account reset
We have a remote office which users infrequently travel to, and sometimes they're unable to log into the PC because it hasn't been logged in, in a long while we. We have to add the pc to a workgroup, then join the domain, then reboot. We want to increase the length of time before this takes place, reducing the support issues related to this. Please advise. Thank you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Steve, this seems to be an article about computer password account age. I'm concerned with the period of time between which a pc does not in to the domain, and then can no longer log in when that threshold is exceeded, without resetting the account or re-joining the PC to the domain.
ASKER
I've requested that this question be deleted for the following reason:
no relevant suggestions or suggestions didn't solve problem.
no relevant suggestions or suggestions didn't solve problem.
The standard setting is 30 days...and you are talking about the same thing. The computer password is different from a user password. It is what allows the machine to connect to the domain.
No objection from me. If LB1234 chooses not to take on board our responses then that's up to him/her.
Steve
Steve
On our domain i have two different OU's for this..
One which is our Desktops which don't move and another for the laptops which travel.
The laptop policy is configured to allow the laptops to not need to log into the domain at startup.
The desktop policy is set to wait for the DC to log in.
The password policy is something you can also do, which is mentioned above.
Our travelers are not out for long enough for the password policy for them to matter.
Another method you can use, depends on your firewall and there access, but Cisco (Anyconnect) allows you to connect via script before log-on which if you use this, you can use the cached profile settings for log-on when they are not in the office and not online, but you can also use the original password policy, and keep security tight..
One which is our Desktops which don't move and another for the laptops which travel.
The laptop policy is configured to allow the laptops to not need to log into the domain at startup.
The desktop policy is set to wait for the DC to log in.
The password policy is something you can also do, which is mentioned above.
Our travelers are not out for long enough for the password policy for them to matter.
Another method you can use, depends on your firewall and there access, but Cisco (Anyconnect) allows you to connect via script before log-on which if you use this, you can use the cached profile settings for log-on when they are not in the office and not online, but you can also use the original password policy, and keep security tight..
http://blogs.technet.com/b
Big things to remember is the computer must have current Domain controller registered. So if they have changed it might need a second reboot.