WindowsXP computer account dropping from domain.

[ckmartin]

I manage 220 computers in an educational environment. When I get new computers I use Symantec Ghost to image these new systems for deployment into labs/classrooms.

My problem is that sometimes when these systems are deployed into the rooms, they drop from the domain. i.e. when the lab account attempts to login they are denied with the error that the domain is not available. if I login using the local admin account and remove the computer from the domain then re-add it back they work fine with no further issues.

I also use software called DeepFreeze which "freezes" the computer in a state that if a student were to delete anything from the hard drive, upon reboot... it would all be back. There was an occasion that this software was causing this same issue but was resolved by an updated version.

I have been in contact with the maker of this software and they state that if the problem is ongoing, it is not caused by DeepFreeze.

The computers are Dell OptiPlex GX270 BIOS version A04 running WindowsXP SP1. AD Domain Controllers are running Windows 2000 Advanced Server SP4.

Any suggestions?

 

[ko0ky]

I think you need to use ghost walker to edit the SID of the computers. Maybe this will point you in a good direction.

 

[ckmartin]

Before creating the image, the system is sysprep'd so the sids are all unique.

 

[Peter1891]

I use simular software to deepfreeze and found that AD changes the password for a machineaccount every 30 days for security reasons. Software like deepfreeze does not allow this and the passwords are not in sync anymore removing the computer from the domain. You can disable this in the domain policy or with a reg setting on each computer.
Key= HKLM\CurrentControlSet\Services\NetLogon\Parameters
Value = DisablePasswordChange
REG_DWORD 1
(Default = 0)

Hope this helps.