Wednesday, April 1, 2015

Broken domain trust when reverting VM to old checkpoint

I keep setting up test virtual machines for various projects, get it perfect, then set a checkpoint. Weeks go by and I finally get around to testing. Then when everything is done, revert to the last checkpoint. The VM boots and will not log on due to broken domain trust, the Machine Password has changed.

This is probably better documented else where, but this is documentation for myself with a preamble rant.

To prevent this issue, disable the machine password change in the registry. Here is a rough powershell script to run on your test lab VM's. This will be added to a configure VM master script that will do multiple functions, but I'm starting here because you have to start somewhere. 

    Disables machine password changes for virtual machines
    This script disables machine password changes for Windows 7 Guest VMs
    allowing the restoration of older snapshots without losing domain trust.
    Note : Elevated permissions are required to execute this script.
           Cross-domain scenarios are supported by this script.

    Name     : Set-DisablePasswordChange.ps1

$result = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -Name DisablePasswordChange -ErrorAction SilentlyContinue
if ($result.DisablePasswordChange -eq 0)
    $result = Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -Name DisablePasswordChange -Value 1 -PassThru
    Write-Host "Successfully Disabled Machine Password Change"
elseif ($result.DisablePasswordChange -eq 1)
    Write-Host "Machine Password Change is already Disabled"

No comments:

Post a Comment