![]() Algorithm:Īccount reuse attempt will be permitted if the user attempting the operation is the creator of the existing account.Īccount reuse attempt will be permitted if the account was created by a member of domain administrators. Once you install the October 11, 2022, or later Windows cumulative updates on a client computer, during domain join, the client will perform additional security checks before attempting to reuse an existing computer account. There are two scenarios for domain join with respective default behaviors and flags as follows:ĭefaults to account reuse (unless NETSETUP_NO_ACCT_REUSE flag is specified)Īccount provisioning ( NetProvisionComputerAccountNetCreateProvisioningPackage).ĭefaults to NO reuse (unless NETSETUP_PROVISION_REUSE_ACCOUNT is specified.) However, if the user has enough permissions the domain join will succeed. Note The reuse attempt will fail if the user who attempts the domain join operation does not have the appropriate write permissions. If such an account exists, the client will automatically attempt to reuse it. This query occurs during domain join and computer account provisioning. Behavior before October 11, 2022īefore you install the October 11, 2022, or later cumulative updates, the client computer queries Active Directory for an existing account with the same name. Updates released on and after March 14, 2023, will provide additional options for affected customers on Windows Server 2012 R2 and above and all supported clients. For more information, see the Octobehavior and Take Action sections. This setting requires the installation of Windows updates released on or after March 14, 2023, on ALL member computers and domain controllers. The owner of the computer account that is being reused is a member of the "Domain controller: Allow computer account re-use during domain join." Group Policy setting. The computer was created by a member of domain administrators. The user attempting the operation is the creator of the existing account. These protections intentionally prevent domain join operations from reusing an existing computer account in the target domain unless: Windows updates released on and after October 11, 2022, contain additional protections introduced by CVE-2022-38042. Tip: To view the new or revised Augcontent, see the and tags in the article. Windows Server 2008 Datacenter ESU Windows Server 2008 Standard ESU Windows Server 2008 Enterprise ESU Windows 7 Enterprise ESU Windows 7 Professional ESU Windows 7 Ultimate ESU Windows Server 2008 R2 Enterprise ESU Windows Server 2008 R2 Standard ESU Windows Server 2008 R2 Datacenter ESU Windows Embedded Standard 7 ESU Windows Embedded POSReady 7 ESU Windows Server 2012 Windows Embedded 8 Standard Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 Windows Embedded 8.1 Industry Enterprise Windows Embedded 8.1 Industry Pro Windows 10 Windows 10, version 1607, all editions Windows Server 2016, all editions Win 10 Ent LTSC v2019 Win 10 IoT Ent LTSC v2019 Windows 10 IoT Core 2019 LTSC Windows Server 2019 Windows 10 Enterprise Multi-Session, version 20H2 Windows 10 Enterprise and Education, version 20H2 Windows 10 IoT Enterprise, version 20H2 Windows 10 on Surface Hub Windows 10, version 21H1, all editions Windows 10, version 21H2, all editions Windows 11 version 21H2, all editions Windows 11 version 22H2, all editions Windows Server 2022 More.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |