In Windows, how do I disable ADS network settings after I leave the IU network?
If you ran Get Connected in the past, you can use Get Unconnected to remove your computer from Indiana University's ADS domain; see What is Get Unconnected, and what does it do? Otherwise, follow the appropriate instructions below to disable your ADS network settings in Windows.
Windows Vista
Reset the password to the Administrator account if you are not sure you already know it:
- Right-click the Computer icon from the desktop, and select Manage.
- In the left pane of the window, click the arrow next to "Local Users and Groups", and select the Users subfolder.
- At the right, find the account with the description "Built-in account for administering the computer/domain". By default, the account is named Administrator. Right-click it and choose Set Password....
- Enter a new password for the account and confirm it. Click OK.
To unjoin from the ADS domain:
- Right-click the Computer icon from the desktop and select Properties.
- In the left pane of the window, click Advanced System Settings.
- In the System Properties window, select the Computer Name tab, and then click Change.
- Under "Member of", select Workgroup. In the field, type any name you would like, and then click OK.
- You will then be prompted with the Local Username And Password window for authentication. In the "Name:" field, type your computer name and local account name (i.e., bl-rh-username\LocalAccount). In the "Password:" field, type your local account password. Click OK.
- In the System Settings Change dialog box that appears, click Yes to automatically reboot your computer.
Windows 2000 and XP Professional
When leaving the IU network, you should do three things:
- Before leaving campus, reset the password for the local administrator account:
Note: While actually resetting the password is not absolutely necessary, you should at least verify the existence of a local administrator account, and know the password to it. After you disable the ADS network settings as described in the next step, you will no longer be able to log in using your ADS domain password, so it's very important to have a local account you can use instead. Otherwise, you'll be locked out of your computer. Resetting the password simply guarantees that you'll know it.
  - In Windows XP Professional using the default view, click Start, and then Control Panel. In Windows 2000 or XP Classic View, click Start, then select Settings, and then select Control Panel.
  - In Windows XP Professional, double-click User Accounts. In Windows 2000, double-click Users and Passwords.
  - Highlight the administrator account (make sure the "Domain:" listed is the name of your computer and not "ADS") and click Set Password....
  - In the two boxes, enter the password you'd like to use, and then click OK.
- Disable the ADS network settings:
Note: This step only applies to Windows 2000 and XP Professional. As Windows XP Home and Media Center editions are unable to join a domain or Active Directory, if you use either of those operating systems, skip to the next section.
  - Right-click the My Computer icon and choose Properties.
  - In Windows XP Professional, click the Computer Name tab, and then click Change. In Windows 2000, click the Network Identification tab, and then click Properties.
  - Click the radio button next to Workgroup: and enter anything you like in the space provided. By moving out of the ADS domain, you effectively undo these settings.
  - Click OK, and then click Apply to save your changes and close the open windows.
Note that this step can be done either on or off campus, so it doesn't matter if you do it before or after you leave.
- If necessary, reconfigure the LAN Manager authentication settings:
When set to its highest setting, the LAN Manager Authentication level should still work off campus in most situations. The only times it won't work will be when you bring your computer to a new domain that isn't set to handle the NTLMv2 protocol. Note that this combination of factors is rare; most domains can handle NTLMv2. For most people, this setting should be fine, especially if you are returning to campus at some point.
Some may experience issues with this control at its current setting. For example, in a home networking situation, a Windows computer not configured to use NTLMv2 will not be able to map a drive or folder until it is reconfigured to do so. In those cases, UITS recommends that you reconfigure the other computer, rather than decrease the security of your own.
UITS does not recommend that you change this setting proactively. However, if you have no choice, go no lower in settings than you must in order to guarantee functionality.
Follow the instructions below to change the setting, but do not do this until you have left campus, since the IU ADS is configured to have its computers run at the highest level for this setting:
  - Determine whether you ran the IUWare IUWindowsAuthUpdate program. If you configured your computer with the Get Connected CD or downloaded the tool from IUWare, you did; otherwise, you did not.
  - Undo the settings:
    - If you ran IUWare's IUWindowsAuthUpdate, uninstall it; see In Windows, how do I uninstall programs?
    - If you changed the settings manually, follow the instructions in How can I use the local security settings to force NTLMv2?, but do not choose Send NTLMv2 response only/refuse LM & NTLM. Instead, select one of the first four choices. UITS recommends choosing Send NTLMv2 response only, but for some networks, you may need to drop that to Send NTLM response only or lower. Note that protocols lower than NTLMv2 are considered insecure nowadays, so it is best to stay at the highest setting possible for your situation.
Note: At Indiana University, the University Information Security Office (UISO) recommends that you normally refrain from running your Windows computer as an administrator. For more, see What is the principle of least privilege?
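An added example, not part of the original UITS document: a read-only Windows PowerShell check for the two things the steps above depend on, an enabled local account in the Administrators group and the current LAN Manager authentication level. The function name Test-UnjoinReadiness is hypothetical; the script assumes Windows PowerShell 2.0 or later and reads the level from the LmCompatibilityLevel registry value, where Windows stores that policy.

```powershell
# Added example, not from the original page. Read-only: it changes nothing.
# Assumes Windows PowerShell 2.0+ (Get-WmiObject and the [ADSI] accelerator).
function Test-UnjoinReadiness {   # hypothetical name
    $cs = Get-WmiObject -Class Win32_ComputerSystem

    # Local accounts only, so no domain controller is queried.
    $localUsers = @(Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True")

    # ADsPath of every member of the local Administrators group.
    $group = [ADSI]"WinNT://$($cs.Name)/Administrators,group"
    $memberPaths = @($group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    })

    # Enabled local accounts in that group: these can still log in after the unjoin.
    $usable = @($localUsers | Where-Object {
        -not $_.Disabled -and ($memberPaths -like "*/$($cs.Name)/$($_.Name)")
    } | ForEach-Object { $_.Name })

    # "LAN Manager authentication level" policy, stored as a number from 0 to 5.
    $lsa    = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $level  = $lsa.LmCompatibilityLevel     # $null when the value is not set
    $labels = @(
        'Send LM & NTLM responses',
        'Send LM & NTLM - use NTLMv2 session security if negotiated',
        'Send NTLM response only',
        'Send NTLMv2 response only',
        'Send NTLMv2 response only/refuse LM',
        'Send NTLMv2 response only/refuse LM & NTLM')
    $policy = if ($null -ne $level) { $labels[$level] } else { 'not set (OS default applies)' }

    New-Object PSObject -Property @{
        PartOfDomain        = $cs.PartOfDomain
        DomainOrWorkgroup   = $cs.Domain     # workgroup name when not domain-joined
        EnabledLocalAdmins  = $usable
        HasUsableLocalAdmin = ($usable.Count -gt 0)
        LmLevel             = $level
        LmPolicy            = $policy
    }
}

Test-UnjoinReadiness | Format-List
```

HasUsableLocalAdmin only shows that such an account exists; the script cannot tell whether you know its password, which is why the instructions have you reset it before unjoining.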
Last modified on October 13, 2009.







