Increase time before non-connecting pc is removed from Active Directory and needs account reset

We have a remote office which users infrequently travel to, and sometimes they're unable to log into the PC because it hasn't been logged in, in a long while we.  We have to add the pc to  a workgroup, then join the domain, then reboot.  We want to increase the length of time before this takes place, reducing the support issues related to this.  Please advise.  Thank you.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This is the best article you could ever read on secure channels in domains.

Big things to remember is the computer must have current Domain controller registered. So if they have changed it might need a second reboot.
This is down to the Computer Account password change in AD which is set to 30 days by default. Place your remote computers in a separate Org Unit in AD and then lengthen this setting for all Computer objects in that Org Unit.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LB1234Author Commented:
Steve, this seems to be an article about computer password account age.  I'm concerned with the period of time between which a pc does not in to the domain, and then can no longer log in when that threshold is exceeded, without resetting the account or re-joining the PC to the domain.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

LB1234Author Commented:
I've requested that this question be deleted for the following reason:

no relevant suggestions or suggestions didn't solve problem.
The standard setting is 30 days...and you are talking about the same thing. The computer password is different from a user password. It is what allows the machine to connect to the domain.
No objection from me. If LB1234 chooses not to take on board our responses then that's up to him/her.

Bradley VonderheideCommented:
On our domain i have two different OU's for this..
One which is our Desktops which don't move and another for the laptops which travel.
The laptop policy is configured to allow the laptops to not need to log into the domain at startup.
The desktop policy is set to wait for the DC to log in.

The password policy is something you can also do, which is mentioned above.

Our travelers are not out for long enough for the password policy for them to matter.

Another method you can use, depends on your firewall and there access, but Cisco (Anyconnect) allows you to connect via script before log-on which if you use this, you can use the cached profile settings for log-on when they are not in the office and not online, but you can also use the original password policy, and keep security tight..
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.