[Dailydave] Removing ADS from a Windows machine and giving the machine to someone else
Kurt Buff
kurt.buff at gmail.com
Thu Jan 21 13:17:13 EST 2016
I think you should be good to go, but if you want more assurance, you
might wish to ask this question over on the activedir.org mailing
list. There are a fair number of AD heavyweights there.
Kurt
On Wed, Jan 20, 2016 at 8:14 PM, No One <situbu42 at yahoo.com> wrote:
> Hello all!
>
> Leaving aside hateful thoughts directed at Windows, please consider the
> following situation:
>
> * GIVENS:
>   - I have a client with multiple locations. The client runs Windows
>     Active Directory. Each location has an ADS controller.
>   - Client sold one part of its biz, SUB A. SUB A's IT components are
>     largely contained in its location. SUB A, at its location, has a
>     combination file server/AD server (SUBA-FS1).
>   - The new owner of SUB A has elected to keep this file server.
>   - SUBA-FS1 is running win2k8r2.
>   - SUBA-FS1 is a VM running on a VMware 5.0 server (SUBA-ESX1).
>   - There are no VMware or VSS snapshots.
>   - The new owner won’t be getting a backup of SUBA-FS1.
>   - SUBA-ESX1 has been used as a staging area for DR testing (restoring
>     other VMs).
>     + It has one data store.
>     + These VMs have been removed.
>     + I have added virtual disks to SUBA-FS1 that are the same size as the
>       total free space and run Sysinternals sdelete against the disks, which
>       effectively overwrote all the free space in VMFS.
> * QUESTION:
>   - Can I safely give this server to the new owner?
>   - If so, how?
> * MY THOUGHTS:
>   - When I demote the server from domain controller to member server,
>     Windows removes Active Directory info from the machine.
>   - I think that this process wipes the data (deletes it and zeroes out the
>     files and folder so that undelete is not possible) from the disk.
>   - I think that even if the process does not wipe the data, if the folder
>     that contains the Active Directory data is gone and I run “sdelete -p 5 -c
>     c:” (from Sysinternals), then the data will be gone.
>
> If there is no secure way to do this, what is the best I can do?
>
> I think I am on the right track but I have been doing this long enough to
> realize that I could be missing something.
>
> I am happy to answer follow-up questions.
>
> Thanks in advance.