asked on Computer still contacting domain even though we removed it from domain
We had this computer on our domain but we are redeploying it as a Kiosk machine. The Kiosk's have no reason to be on our domain for security reasons. I've installed SiteKiosk v8 software on this Windows 7 64bit machine. Everything works great except when I log into the LOCAL user it appears as if the machine is still contacting our domain. We use EventSentry and I get the following message every time I log onto this kiosk box with a local user.
EVENT # 65036788
EVENT LOG Security
EVENT TYPE Audit Failure
SOURCE Security
CATEGORY Logon/Logoff
EVENT ID 529
USERNAME NT AUTHORITY\SYSTEM
COMPUTERNAME -our domain controller name-
DATE / TIME 3/16/2012 9:16:29 AM
MESSAGE Logon Failure:
Reason: Unknown user name or bad password
User Name: SiteKiosk
Domain: KIOSK2
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: KIOSK2
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 10.1.3.162
Source Port: 0
The thing is like I said, I removed this machine from the domain. I changed it to a kiosks WORKGROUP and renamed it at the same time. What on this machine is trying to contact the domain at logon?
EVENT # 65036788
EVENT LOG Security
EVENT TYPE Audit Failure
SOURCE Security
CATEGORY Logon/Logoff
EVENT ID 529
USERNAME NT AUTHORITY\SYSTEM
COMPUTERNAME -our domain controller name-
DATE / TIME 3/16/2012 9:16:29 AM
MESSAGE Logon Failure:
Reason: Unknown user name or bad password
User Name: SiteKiosk
Domain: KIOSK2
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: KIOSK2
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 10.1.3.162
Source Port: 0
The thing is like I said, I removed this machine from the domain. I changed it to a kiosks WORKGROUP and renamed it at the same time. What on this machine is trying to contact the domain at logon?
Active DirectoryWindows 7
Last Comment
withtu
Could be a service, a mapped drive or anything else thats trying to reach a resource on your domain.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Ah ok it looks like it was related to Desktop Authority Script Logic CBM Service (Computer Based Management).
We use Script Logic's Desktop Authority and I just uninstalled everything related to it. No more errors!
We use Script Logic's Desktop Authority and I just uninstalled everything related to it. No more errors!
@ITdiamond, great news! You can also check local Group Policy results to ensure all GPO settings are restored to default.