Indiana University
University Information Technology Services
  

In Windows, how do I disable ADS network settings after I leave the IU network?

If you ran Get Connected in the past, you can use Get Unconnected to remove your computer from Indiana University's ADS domain. Otherwise, follow the appropriate instructions below to disable your ADS network settings in Windows.


Windows 7 and Vista

Reset the password for the Administrator account if you are not sure you already know it:

  1. From the Start menu, right-click Computer. Select Manage.

  2. In the left pane of the window, click the arrow next to "Local Users and Groups", and select the Users subfolder.

  3. At the right, find the account with the description "Built-in account for administering the computer/domain". By default, the account is named Administrator. Right-click it and choose "Set Password...".

  4. Enter a new password for the account and confirm it. Click OK.

To unjoin from the ADS Domain:

  1. From the Start menu, right-click Computer and select Properties.

  2. In the left pane of the window, click Advanced System Settings.

  3. In the System Properties window, select the Computer Name tab, and then click Change.

  4. Under "Member of", select Workgroup. In the field, type any name you would like, and then click OK.

  5. You will then be prompted with the Local Username And Password window for authentication. In the "Name:" field, type your computer name and local account name (e.g., bl-rh-username\LocalAccount). In the "Password:" field, type your local account password. Click OK.

  6. In the System Settings Change dialog box that appears, click Yes to automatically reboot your computer.

Windows XP

When leaving the IU network, you should do three things:

  1. Before leaving campus, reset the password for the local administrator account if you are not sure you already know it:

    1. Click Start, and then Control Panel.

      Note: If this doesn't match what you see, refer to "About navigation settings in Windows".

    2. Double-click User Accounts.

    3. Highlight the administrator account (make sure the "Domain:" listed is the name of your computer and not "ADS") and click "Set Password...".

    4. In the two boxes, enter the password you'd like to use, and then click OK.

  2. Disable the ADS network settings:

    Note: This step only applies to Windows XP Professional. As Windows XP Home and Media Center editions are unable to join a domain or Active Directory, if you use either of those operating systems, skip to the next section.

    1. Right-click My Computer and choose Properties.

    2. Click the Computer Name tab, and then click Change.

    3. Select "Workgroup:", and then enter anything you like in the space provided.

    4. Click OK, and then click Apply to save your changes and close the open windows.

      Note that this step can be done either on or off campus, so it doesn't matter if you do it before or after you leave.

  3. If necessary, reconfigure the LAN Manager authentication settings:

    When set to its highest setting, the LAN Manager Authentication level should still work off campus in most situations. It will fail only when you bring your computer to a new domain that isn't set to handle the NTLMv2 protocol. This combination of factors is rare; most domains can handle NTLMv2. For most people, this setting should be fine, especially if you are returning to campus at some point.

    Some may experience issues with this control at its current setting. For example, in a home networking situation, a Windows computer not configured to use NTLMv2 will not be able to map a drive or folder until it is reconfigured to do so. In those cases, UITS recommends that you reconfigure the other computer, rather than decrease the security of your own.

    UITS does not recommend that you change this setting proactively. However, if you have no choice, go no lower in settings than you must in order to guarantee functionality.

    Follow the instructions below to change the setting, but do not do this until you have left campus, since the IU ADS is configured to have its computers run at the highest level for this setting:

    1. Determine whether you ran the IUWindowsAuthUpdate program. If you configured your computer with Get Connected or downloaded the tool from IUware, you did; otherwise, you did not.

    2. Undo the settings:

      • If you ran IUWindowsAuthUpdate from IUware, uninstall it; see "In Windows, how do I uninstall programs?"

      • If you changed the settings manually, see "How can I use the local security settings to force NTLMv2?"

        Note: Do not choose Send NTLMv2 response only/refuse LM & NTLM. Instead, select one of the first four choices. UITS recommends choosing Send NTLMv2 response only, but for some networks, you may need to drop that to Send NTLM response only or lower. Protocols lower than NTLMv2 are considered insecure, so it is best to stay at the highest setting possible for your situation.
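
A read-only check for the result of the steps above, added here as an example and not part of the original UITS document: it reports whether the computer is still joined to a domain and which LAN Manager authentication level is in effect. It assumes Windows PowerShell is available (included with Windows 7, a separate install on Vista and XP) and reads the level from the LmCompatibilityLevel registry value that backs this policy.

```powershell
# Added example (not UITS code): verify domain membership and the
# LAN Manager authentication level without changing anything.

# Policy names for each LmCompatibilityLevel value, written the way this page
# writes them (the Local Security Policy console lists them in this order).
$lmNames = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only/refuse LM'
    5 = 'Send NTLMv2 response only/refuse LM & NTLM'
}

# 1. Domain membership. After the unjoin and reboot, PartOfDomain should be
#    False and Domain holds the workgroup name you typed.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Output ("Still joined to domain: {0}" -f $cs.Domain)
} else {
    Write-Output ("Workgroup member: {0}" -f $cs.Domain)
}

# 2. LAN Manager authentication level. The value may be absent, in which
#    case the default for the installed Windows version applies.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$prop = Get-ItemProperty -Path $lsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output 'LmCompatibilityLevel is not set; the Windows default applies.'
} else {
    $level = [int]$prop.LmCompatibilityLevel
    $name = $lmNames[$level]
    if ($null -eq $name) { $name = 'unrecognized value' }
    Write-Output ("LAN Manager authentication level {0}: {1}" -f $level, $name)

    if ($level -lt 3) {
        # Below the setting UITS recommends; protocols lower than NTLMv2
        # are considered insecure.
        Write-Output 'Below "Send NTLMv2 response only"; raise it if your network allows.'
    } elseif ($level -eq 5) {
        # The campus setting this page says not to choose when undoing it.
        Write-Output 'Highest setting; servers that cannot handle NTLMv2 will not work.'
    }
}
```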

Note: At Indiana University, the University Information Security Office (UISO) recommends that you normally refrain from running your Windows computer as an administrator. For more, see "What is the principle of least privilege?"

This is document aksk in domain all.
Last modified on June 21, 2011.
