Moving PC, corrupting machine account

i'm having a weird problem and noticed it on 2 or 3 PCs. I really believe that it's a coincidence but the help desk manager is sure it's his new user account. We're running windows 2003 and I just began to force everyone to use a secondary login with higher permissions to do anything admin related. Well 2 or 3 times so far when he moves a PC using his secondary account the machine account gets corrupted and requires it to be disjoined and rejoined to the domain. It throws an error saying "The domain cannot be contacted" and on the DC it logs several failed audits including event id 680.

i'm sure it's something else, b/c everyone's admin account uses the same groups and I've had no problem with my secondary account and have moved PCs like crazy the last week. He's just been fighting me on this b/c he hates using 2 accounts but there is no point staying logged in using your admin account if you don't need it so I want to resolve this so he has nothing to complain about trying to blame our new policy for this issue. I just can't figure out why these PCs accounts keeping getting corrupted and have to be disjoined/rejoined.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

sprkymrk

I would check the RSOP on his user account and compare it to yours. Or just run the similar tool from "Start>Help and Support>Use Tools to view computer information and diagnose problems>Advanced System Information>View Group Policy Settings Applied" while he is logged in.

IMO - He may be causing the problem intentionally to see if you'll exclude him from the dual user account requirement. Don't give in!