Secure Channel Password

By default the computer account passwords used for secure channel in a
domain are changed by the computer every thirty days. My understanding is
that if the computer misses the password change interval twice the domain
controller will disable the computer account. The netdiag support tool when
run on a domain computer will detect if the secure channel to the domain is
in place or not. --- Steve
 
Thanks for the reply.

Is there any way to find out the date when the password changes? Does it
change at the end of each month?

Thanks
 
That's a good question that I don't know the answer to. I don't believe it
would be the end of the month but somewhere near thirty days. The tools
nltest and netdom may prove helpful, but I am not sure, though they have a
lot of options. --- Steve
 
I knew that the default is to provide membership safeguard by
retaining machine account passwords two deep, so the auth can
be with the prior if the password presented by the machine does
not match the current password. This provides for a little tolerance
for such things as reimaging, etc.
What I did not know was that the account would be disabled if
two password changes were missed, and I have to question this.
One can disable, on a per-machine (or OU via GPO) basis whether
a machine will change its password at all. This means if there is
such a disabling, then the mechanism could not be blind to the
policy under which the machine that has not changed its password
operates, etc. - all becoming a little complex. Of course, if this
is so, that also means that if a machine is not booted for a couple
months then its membership is automatically defunct.
 