[ActiveDir] Machine Password Changes

[Clay, Justin \(ITS\)]

Everyone,   Our Public Libraries use a software package that handles their patron logins and billing called SomeProduct. The company that makes SomeProduct includes in their suite, a product called SomeDiskProtection. SomeDiskProtection is similar to Windows Disk Protection, GoBack and Deep Freeze. It’s a product that upon reboot, restores the PC to its previously saved state. The problem with this of course is that while the PC is up and running during the day, if it changes its machine account password, the next time the PC is rebooted, it’s back to the old password which results in PCs that can’t log onto the domain. We’ve now spent a week on the phone with SomeCompany and they tell us that their only solution is to completely disable machine password changes for the PCs running their software. I want to ask you all what you think of this solution. How much of a security risk do you think it is? Can you think if a workaround?   The frustrating thing is that Windows Disk Protection has a way of handling this. It disables automatic machine password changes, but every time the PC has its saved state updated, it performs a manual password change so that at least it’s being changed SOMETIMES. According to SomeCompany, they have absolutely no plans or desire to update their software to support similar functionality.   Thanks,   Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573   ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.