Link to home
Start Free TrialLog in
Avatar of Bob_Schmidt
Bob_Schmidt

asked on

Disassemble Windows 2000 Domain

I work as a self employed PC Repair Technician. My client is a former business owner who wants me to disassemble his windows 2000 domain and replace it with a workgroup for all of his familie's computers. In the past I changed a laptop from "domain" to "workgroup" and I could no longer log onto the laptop. Wanting to avoid this with his laptops, I'm looking for detailed instructions on how to take apart the entire network - I have access to everything, including passwords. Clients all run XP Pro.
Avatar of sliiconman
sliiconman
Flag of United States of America image

Well for the clients just create a local account or even change the administrator password for the local machine. That will give you access as long as you do not have any fancy scripts taht do not change passwords.

Are there files to contend with? Does he still want access to the server or the internet?
Avatar of Bob_Schmidt
Bob_Schmidt

ASKER

He does have files on the machines that he wants to keep. I played with one machine yesterday. It's now his daughter's school PC. She had administrator rights with her password. I was able to see both her account and the administrator account. I removed the administrator password so that it's now (blank) however it asked me to reboot in order to have access to changing her password. I didn't do so for fear I might not be able to get back in.
ASKER CERTIFIED SOLUTION
Avatar of DCenaculo
DCenaculo
Flag of Portugal image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
For the actual server, he wants to use it as a print server. We've already set up a Linksys WEP system for Internet access. That's working for all of the laptops. Just haven't taken the steps necessary to set up the workgroup and sharing privileges - again, looking for a detailed guide.
You can try to logon locally on any desktop as administrator. If you can do thad you can safely remove that machine from the domain. If you have the domain administrator password, you can always add that machine to the domain again if you decide to do that. You must be sure that you have the local administrator password and that is not the domain administrator password. You have to logon using administrator account, administrator password and the domain must be the name of the laptop and not the windows domain.
After you run dcpromo on the 2000 server to demote it, it will be just a member of the workgroup as the laptops. Knowing its administrator password as you know, you will just have to create those shares you mentioned with the right permissions for security purposes.
"DCenaculo: You can try to logon locally on any desktop as administrator. If you can do thad you can safely remove that machine from the domain." - It looks like I can logon locally to the laptops, individually, as administrator.  Are you saying that, after doing so, I can just switch from "domain" to "workgroup" under, "my computer," and I'll be OK? - and I can login again after re-booting?
All those are good tips. Please, PLEASE!! do not use WEP as your encryption. It is not  safe or considered a secure conection, takes about 5 minutes to break.. use at least WPA for encryption.. PLEASE !!!
Yes, you will do the logon without any kind of problem, but it will be a local logon. To access resources on other machines you will have to use their shres or provide user and password to access them. But as far as I see, that part you already know.

To make the 2000server a normal machiche you must demote it. Use DCPROMO command on it as I told on one on the last comments.
If you need more explanations, plese feel free to ask :)
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
At this stage, DCenaculo has been a font of information that I'll need. Unfortunately, a separate barrier has arisen, preventing me from getting to the system in order to verify the solution. It may take up to two weeks. I am extremely grateful and will post a solution acceptance as soon as I've implemented your instructions. Thanks,
The solutions sounds complete but, because it's for a client, I won't be able to implement it for another month. At this point, I feel there's clear direction for me to proceed at that time.