How to Keep Virtual Machine Info Alive in a Windows Domain

VMWare and HyperV virtual machines will often lose their membership in a Windows Domain (not to be confused with an Internet Domain) for a complex variety of reasons. One of these reasons is the automatic password change procedure followed between the windows domain client and the domain server. In this process, the domain client (your PC or VM) renegotiates a new secret password with the domain server, which they both “remember” for future interactions.

Disabling the password changing process is an important partial remedy to the lost domain membership problem. By disabling the automatic password change, the chances for your VM to be dropped from the domain are greatly reduced.

The hidden password in question is a shared secret between the domain server and your machine. It is already protected as well as Windows can protect any password, and thus it seems relatively safe to stop updating this password for test machines that are continually reverted.

This change is only needed on the client side, not on the domain controller. The domain password change feature is disabled by adding a value in the registry key at:

HKEY_LOCAL_MACHINES\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

called DisablePasswordChange which should be of type REG_DWORD and have a value of 1.

This can be done from the Windows command line with this command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters /v DisablePasswordChange /t REG_DWORD /d 1 /f

Leave a Reply

Your email address will not be published. Required fields are marked *