HP thin clients losing domain trust.

I've recently accepted a position as IT manager for a company whose network infrastructures is a train wreck. I have approximately 200 HP thin clients running Windows7 imbedded.  I have several each week that lose the trust  with the domain.  They are all scattered through several OUs mixed with standard machines.  AD has practically no structure but I can't make time to clean it up because of the thin clients losing their trust relationship.

I need to know the best way to deal with these thin clients?

Marshall
MwvarnerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott GorcesterCTOCommented:
Do you have the write filter permanently disabled. If not the thin clients will not permit an AD SID change and every thirty days they will lose their domain membership. Its controversial to join thin clients to AD but if you disable the write filter it is possible. I have run many thin clients and in some cases joined them to the domain with reasonable stability.

MooseSupport
MwvarnerAuthor Commented:
I ran the fbwfmgr.exe on one of the clients and the status was disabled.  I tried to enable it and add exceptions for the c: drive and the regfdata which is what another post I found online said to do.  When I did that I couldn't even rejoin the domain.  Maybe I didn't do something correctly but I reversed the changed and rejoined the domain.  

I've also seen several post on changing the Maxage using a GPO but the machines are scattered through out AD and mixed in with fat clients that I'm not sure how i'd change that without changing that for everyone.

Is there a way to change the max age on the client itself without using a domain GPO?

Marshall
Scott GorcesterCTOCommented:
what model thin clients are these?

MooseSupport
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

MwvarnerAuthor Commented:
They are HP Thin clients. I think they are model T5740.
Scott GorcesterCTOCommented:
I see some recent posts that this issue may not be fixable. My past experience is that permanently disabling the write filter fixes this. Is there some reason you require these to be domain members? I will see if I can come up with a solution you might also try opening a support case with HP.

MooseSupport
Scott GorcesterCTOCommented:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.