A Win7 Pro workstation was joined to a domain and the admins installed some Global Policies that block local administration.
It can no longer connect to the PDC and we want to disjoin the workstation from the domain.
Will the Global Policies from the PDC survive or not?
There are policies that prevent Windows Updates, etc, etc, and we need this workstation to revert to a local-only status.
Will those policies be removed if the PC is disjoined from the nominal domain?
Thanks...


I'm going with no. Example? "On the Password restrictions, it is enforced by the domain controller." so when you don't have the PDC, that restriction is lost. I'm sure there are more examples so you'll have to research each policy item to see if it sticks or not.

I would also have to say no. To remove it from the domain you are going to have to use a Domain Admin account and if you can't get to the domain controller then how are you going to remove it???

I can simply disjoin it by converting it to a workgroup PC. It seems to me that in disjoining from the PDC, this would also sever all policies installed by that PDC but I'm not certain. If this isn't true, then it seems to me that a PDC could "poison" a workstation forever and that just doesn't make sense to me.
But disjoining is a point of no return so I don't want to make a bad situation worse.

Again, we know that some policies are lost when there is no PDC, so next up is your add-on question about making a bad situation worse. It's just a PC, so as you are the IT (yes or no?) you would be ready to wipe and start over with your new plan. There are tomes on the web about converting it to a Workgroup, so I won't repeat that here. Your opening question looks answered.

What is this bad situation? It's unclear so far.

IMHO, policies that prevent any part of local administration constitute a "bad situation". There are updates that are being blocked by policy and IMHO, that's bad. There's no backup for this workstation and reloading from scratch is a real time & money waster, assuming all the software discs are available -- that I don't know.
Thanks for your advice.

@OP, the IMHO reply tells us a lot more. Policies are done for reasons. With your IMHO reply I get an entirely different picture of your questions. At the onset I had thought you were the IT lead or part of the IT staff needing to find out what happens. Now it's sounding like someone that unplugged a workstation from a network and is suffering the fallout.

Then you state no backup. That's very strange because in company after company they eventually learn that no backup is not tolerated if it's mission critical. Time to get back in those IT discussions and work to move this company back on track before they burn to the ground.

"Policies are done for reasons." When a company is sold and the seller takes a workstation as part of the deal, he no longer has access to the PDC and the "IT lead" is no longer available.

I'm simply trying to make the best of a bad situation. Is the workstation "mission-critical"? No. But it does have numerous personal files that have already been backed up but there is no image of the workstation as far as I know.

I asked what I thought was a simple question:
"Would PDC originated policies survive a disjoin?"
It seems to me the PDC (domain, forest, etc) has no right to exercise policy controls on a PC that is not a member of the domain.
What I was hoping to hear was that a disjoin would remove all such policies.
If that's not so, then the disjoin wouldn't really accomplish much and I can forego it.

My motives shouldn't be the subject of speculation.
Thanks ever so much.

Well, that's clearer, but as you discover, some may stick around. Now that more is known, you still have, as a company, an IT lead and your team to manage such a mess.

Sorry if I was unclear. Some of the policies are registry changes, so you have to research each one and undo it later. Some, such as the one I noted, cease since it's something that only works when there is a PDC.

So change it to a workstation and deal with the mess as it is. Frankly the cost of the hours by your staff or IT is usually high enough that you just wipe and load your new standard load.

Thanks. I suppose RSOP will be my main query tool after the disjoin.

commented: Yes, RSOP report after should be illuminating. +8
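
The replies above note that some policies are registry changes that have to be researched one by one. The following read-only inventory of the standard policy registry locations is an added example, not posted by any participant in the thread; it assumes Windows PowerShell is available on the workstation, and the CSV file name is a placeholder chosen here.

```powershell
# Added example: list policy values left in the registry (read-only).
# The four roots below are the standard locations where registry-based
# Group Policy settings are written.
$policyRoots = @(
    'HKLM:\SOFTWARE\Policies',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies',
    'HKCU:\Software\Policies',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
)

function Get-PolicyResidue {
    param([string[]]$Roots = $policyRoots)

    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }

        # Include the root key itself, then every subkey beneath it.
        $keys = @(Get-Item $root) +
                @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                New-Object PSObject -Property @{
                    Key   = $key.Name
                    Value = $name
                    Type  = $key.GetValueKind($name)
                    Data  = ($key.GetValue($name) -join ', ')
                }
            }
        }
    }
}

$residue = Get-PolicyResidue
$residue | Sort-Object Key, Value |
    Format-Table Key, Value, Type, Data -AutoSize -Wrap

# Windows Update settings delivered by policy live under this key.
$residue |
    Where-Object { $_.Key -like '*\Policies\Microsoft\Windows\WindowsUpdate*' } |
    Format-List Key, Value, Data

# Placeholder file name: keep a copy to compare against a later run.
$residue | Select-Object Key, Value, Type, Data |
    Export-Csv "$env:USERPROFILE\policy-residue.csv" -NoTypeInformation
```

Running it once before the disjoin and once after gives two lists to compare alongside the RSOP report.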