Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Computer still contacting domain even though we removed it from domain

Posted on 2012-03-16
4
Medium Priority
?
392 Views
Last Modified: 2012-03-16
We had this computer on our domain but we are redeploying it as a Kiosk machine.  The Kiosk's have no reason to be on our domain for security reasons.  I've installed SiteKiosk v8 software on this Windows 7 64bit machine.  Everything works great except when I log into the LOCAL user it appears as if the machine is still contacting our domain.  We use EventSentry and I get the following message every time I log onto this kiosk box with a local user.


EVENT #      65036788
EVENT LOG      Security
EVENT TYPE      Audit Failure
SOURCE      Security
CATEGORY      Logon/Logoff
EVENT ID      529
USERNAME      NT AUTHORITY\SYSTEM
COMPUTERNAME        -our domain controller name-
DATE / TIME        3/16/2012 9:16:29 AM
MESSAGE      Logon Failure:
Reason: Unknown user name or bad password
User Name: SiteKiosk
Domain: KIOSK2
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: KIOSK2
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 10.1.3.162
Source Port: 0


The thing is like I said, I removed this machine from the domain. I changed it to a kiosks WORKGROUP and renamed it at the same time.  What on this machine is trying to contact the domain at logon?
0
Comment
Question by:ITdiamond
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 2

Expert Comment

by:ZachAtak
ID: 37729410
Could be a service, a mapped drive or anything else thats trying to reach a resource on your domain.
0
 
LVL 7

Accepted Solution

by:
withtu earned 2000 total points
ID: 37729693
You can use NetMon to track the traffic to domain controller which will tell you that what process is connecting.
0
 

Author Comment

by:ITdiamond
ID: 37729959
Ah ok it looks like it was related to Desktop Authority Script Logic CBM Service (Computer Based Management).

We use Script Logic's Desktop Authority and I just uninstalled everything related to it.  No more errors!
0
 
LVL 7

Expert Comment

by:withtu
ID: 37730145
@ITdiamond, great news! You can also check local Group Policy results to ensure all GPO settings are restored to default.
0

Featured Post

What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question