echo: nthelp
to: Geo
from: Glenn Meadows
date: 2004-10-23 13:13:26
subject: Re: EFS Best practices

What I've never been able to figure out is this: if I log on as a user, logging in
to the Domain Controller, and then log on with the same username to the local
machine, I get a new desktop. A pain, especially for a laptop.

I've now got to reconfigure 3 users in our Atlanta office, who logged into
a local DC, but are moving offices and will not be standalone, and I want to
keep their same desktops while they log in as local users. I've got to copy
all their "stuff" to the local user account, since the computers
will no longer be domain members. They'll connect via VPN to our LAN once
they're logged in locally. It's just an inconvenience, not something I have
to do on a regular basis.

--
Glenn M.


"Geo" wrote in message news:417985ea$1@w3.nls.net...
> "Mike N." wrote in message
> news:fjrhn0peigga7bjplujomv5ul5i0rdg4ce@4ax.com...
>
> > Assuming I never created a password reset disk, there's still no way
> > into the SAM to create a password reset disk. Someone could replace the
> > SAM and log in as Administrator, but that still gives them no access to
> > the LSA, EFS keys, or original accounts.
>
> I don't remember for sure, but I believe there is a way by replacing less
> of the registry than is specified in that procedure.
>
> > If you have a laptop, you still need to be able to take it offsite /
> > off-network and function standalone. So the domain member is not
> > practical in my case.
>
> That's sort of what I was getting at; I think there is another issue. Here
> is why. You are a domain member, you log in as domain admin to the laptop
> one time and it creates your desktop and whatever. OK, now shut down and
> unplug the laptop from the network, then boot it back up and log in as
> domain admin again: it works. That's because the domain admin login
> information is cached on the machine.
>
> Until you disable that (I forget how it's done) I don't think you are
> secure. That's why I like being a domain member better; it makes it easy
> to tell if you have this disabled or not. You can still log in as a local
> machine account; it's just a good way to test your settings.
>
> Geo.
>
>

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
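The cached-logon behaviour Geo describes above is controlled by one Winlogon registry value, CachedLogonsCount, which is also what the Group Policy setting "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" writes. The following PowerShell is an added example, not code from the original thread or from any of its posters; it assumes you run it as a local administrator on a Windows domain member, and it treats a missing value as the documented default of 10.

```powershell
# Added example (not from the original post): read and, if wanted, change the
# number of domain logons Windows caches for offline use.
# Assumptions: run elevated on a domain-joined Windows machine; the registry
# path and the default of 10 are the ones Microsoft documents for this setting.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$valueName   = 'CachedLogonsCount'

function Get-CachedLogonsCount {
    $props = Get-ItemProperty -Path $winlogonKey -ErrorAction Stop
    if ($null -eq $props.$valueName) {
        return 10   # value absent: Windows applies its built-in default of 10
    }
    return [int]$props.$valueName
}

function Set-CachedLogonsCount {
    param([ValidateRange(0, 50)][int]$Count)   # 0 disables caching; 50 is the maximum
    # The value is stored as REG_SZ (a string), not REG_DWORD, so write it as text.
    Set-ItemProperty -Path $winlogonKey -Name $valueName -Value "$Count" -Type String
}

$current = Get-CachedLogonsCount
if ($current -gt 0) {
    Write-Warning "Cached domain logons are enabled ($current cached): a domain account can still log on with the cable unplugged."
} else {
    Write-Output "Cached domain logons are disabled: a domain account can only log on when a DC is reachable."
}

# To disable caching, as Geo suggests, run:
#   Set-CachedLogonsCount -Count 0
# The change takes effect at the next logon; verifiers already cached are cleared by it.
```

Two caveats a practitioner would want. Setting the count to 0 breaks exactly the case Mike N. raises: a laptop that has to log on with a domain account while off the network, unless the user logs on with a local account and then brings up the VPN, as Glenn describes. And the cached entries are not cleartext passwords but salted verifiers in the SECURITY hive; someone who has lifted the SYSTEM and SECURITY hives offline can still run a cracking attack against them, which is why leaving the default of 10 on a laptop that carries domain admin logons deserves the concern Geo gives it.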

SOURCE: echomail via fidonet.ozzmosis.com
