Help - I can't get into a users machine as the workstation's trust with the domain has failed and the local admin account is disabled so I can't rejoin it! Thanks

Did you check the SPN (Service Principal Name) value? Add your Domain SPN to the SPN list. Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.

You may remove the object from AD. Then boot in Safe Mode and you will be able to logon with the build-in Administrator account. Create another administrative account or enable the build-in Administrator. After reboot you will be logon with an administrative account and re-join the domain.Arthur Xie - MSFT

Help - I can't get into a users machine as the workstation's trust with the domain has failed and the local admin account is disabled so I can't rejoin it! Thanks If there are no other local admin accounts on your machine, the only way to enable the default local admin is by editing the SAM registry hive. This can be done with this program: http://www.elcomsoft.com/esr.html

You may remove the object from AD. Then boot in Safe Mode and you will be able to logon with the build-in Administrator account. Create another administrative account or enable the build-in Administrator. After reboot you will be logon with an administrative account and re-join the domain. Arthur Xie - MSFT This will not work because even if he removes the object from AD, the computer itself will still be joined to the domain and the only way to be able to logon as the default local admin in safe mode is if the computer is disjoined from the domain.