Windows 2000 Domain Login Help

I tried to get my SO’s corporate laptop to connect to my home network’s workgroup, so that we could move files between the laptop and my desktop. It went badly. Both machines involved run Windows 2000 Pro.

To join the workgroup, I fired up the laptop and went to My Computer -> Properties -> Network Identification -> Properties. This screen. I switched “Member Of” from Domain to Workgroup, entered the Workgroup name, and clicked OK. Windows insisted on rebooting, so I did.

What happened wasn’t what I expected. The laptop has completely forgotten that it was associated with any domain, ever. The Windows 2000 login prompt used to have three boxes, for username, password, and domain. The domain box has disappeared, and my SO’s login and password don’t work any more. I was completely locked out of the machine at this point.

From my desktop, I found a utility to create an emergency boot CD with a password writer. I burned this CD, and used it to reset the password of the laptop’s Administrator account.

Now I can log in to the laptop as Administrator, I can connect to the home network, I can surf the web, I can even start the company’s VPN software and see the office PCs sitting idle on the LAN. But I can’t rejoin the domain so my SO can use her old account and password.

Using the correct domain in the “Identification Changes” dialog, and answering the request for a login/password with my SO’s correct username and password, I get an “Access denied” message. If I deliberately try the wrong domain, username, or password, the error messages are different - “Username or password invalid” or “Could not find the domain” etc. I get similar results from the Network Identification Wizard - which says that it’s found a machine account that matches the laptop in the domain, would I like to use that? If I say yes and proceed to enter my SO’s username and password, I get an “Access denied” message again. It’s as if - bizarrely - her user account had permission to leave a domain, but not to rejoin one.

If anyone could help me fix this before my SO has to take her laptop to work tomorrow, it would help me out a lot.

The simplest fix is to wait until she gets to the office and contact IT. You need special permission to join the domain. But it’s possible her account has this right, in which case she can do this herself.

To do so, run the VPN client to connect to the corporate network, open the My Computer -> Properties -> Network Identification -> Properties window, select Domain and enter the corporate domain (GiganticEvilCorporationsName, in your example) and then click OK. You should get a pop-up window asking for a domain account with the appropriate rights. Enter \GiganticEvilCorporationsName\WifesUserName and her domain password.

If her account has permission to join computers to the domain, you’re done. If not, she may not have the appropriate permission, or it may not be possible to do so via the VPN connection.

Also, when she gets to work, she should tell IT that she changed the local administrator password.

Thanks for your reply. Using the domain name along with the username this way doesn’t seem to work any better; I guess IT will have to fix it.

Next time around, I would suggest creating a new user account for the home network connection. That way she can be one user at the office and another user at home and they shouldn’t conflict.

Thanks daffy, that sounds like a good tip, if I’m ever allowed near the laptop again.