Win 2K: How does your association with a domain get lost?

[joshc]

So the laptops we have from our company have Win 2K installed on them and we have an admin account for a certain domain, "DOM". We do not have the password for the local admin account. Anyways, a fella at work was trying to get a wireless card set up on his laptop and through doing something when he reboots the laptop now he has no options to choose a domain to log into and thus he can't log in.

I assume since there are no options for domain anymore that someone with the password for the local admin account must log on. What I am curious about is how something liek this could get screwed up, i.e. where are settings that control this(having Domains show up at the login screen)? Also, is this easy to fix because the incompetent IT folks we have at work seem to want to rebuild my friend's laptop, i.e. clean format + install of OS/apps.

TIA for taming my curiousity.

 

[spyordie007]

The machine could be removed from the domain by any account that has local admin privilages (this will remove the domain list from the login screen). I'm going to guess that the guy who was playing with his laptop's network config has admin privilages and removed his machine from the domain somewhere along the line...

Also, is this easy to fix because the incompetent IT folks we have at work seem to want to rebuild my friend's laptop, i.e. clean format + install of OS/apps.

Yes it's possible to re-join the computer to the domain. I'm going to assume that your "incompetent IT folks" are aware of this and they have a good reason for not doing this (i.e. security concerns, etc.).

 

[spyordie007]

BTW, this is yet another reason I dont give the majority of our users admin privilages.

 

[joshc]

He has admin privileges for the account on that domain, "DOM". It seems there is some difference between a local admin and an admin account on a particular domain as we can install apps, edit the registry, etc. but we can't change our network configuration, i..e any TCP/IP settings, etc.

They don't seem to have a reason to rebuild the machine because the person servicing the machine insisted there was no way to backup the fella's data off the drive before rebuilding so I assume the moron doesn't know how to log in to the machine.

 

[InlineFive]

Giving users access to Administrative priveleges is a headache in the long run, as you have just learned. Unfortunately, since I don't have a domain I can't provide any advice on how to remedy the issue.

But I will strongly stress using all Limited User accounts in the future. As long as you give them the right set of software (Office, Java, Flash, etc.) they will be fine on their own. And if they want to install additional software they have to go through your IT guys. Not to mention that it greatly reduces the risk of spyware infection.

This lesson has easily been one of the most valuable lessons I have learned on here. Thanks spyordie007 and mechBgon!

 

[spyordie007]

He has admin privileges for the account on that domain, "DOM". It seems there is some difference between a local admin and an admin account on a particular domain as we can install apps, edit the registry, etc. but we can't change our network configuration, i..e any TCP/IP settings, etc.

The settings could be pushed down via a GPO or perhaps some 3rd party restrictive software. Under a vanilla XP install a local admin can do pretty much anything to the local machine that a domain admin can.

They don't seem to have a reason to rebuild the machine because the person servicing the machine insisted there was no way to backup the fella's data off the drive before rebuilding so I assume the moron doesn't know how to log in to the machine.

Not that I'm saying they know what they are doing however...
As I stated before I dont give the majority of our users much for privilages. In the event that I do and somebody comes back to me with an install that they f'd up I'd almost certainly ghost it and give it back to them without any privilages. If I make an exception and expand your privilages and you screw things up I sure the hell aint going to burn any time trying to clean up your mess