Dailydave mailing list archives
Re: Removing ADS from a Windows machine and giving the machine to someone else
From: Kurt Buff <kurt.buff () gmail com>
Date: Thu, 21 Jan 2016 10:17:13 -0800
I think you should be good to go, but if you want more assurance, you might wish to ask this question over on the activedir.org mailing list. There are a fair number of AD heavyweights there. Kurt On Wed, Jan 20, 2016 at 8:14 PM, No One <situbu42 () yahoo com> wrote:
Hello all! leaving aside hateful thoughts directed at windows, please consider the following situation: · GIVENS: o I have a client with multiple locations. The client runs windows active directory. Each location has an ADS controller. o Client sold one part of its biz, SUB A. SUB A's IT components are largely contained in its location. SUB A, at its location, has a combination file server/AD server (SUBA-FS1). o the new owner of SUB A has elected to keep this file server. o SUBA-FS1 is running win2k8r2 o SUBA-FS1 is a vm running on a vmware 5.0 server (SUBA-ESX1). o There are no vmware or vss snapshots. o The new owner won’t be getting a backup of SUBA-FS1. o SUBA-ESX1 has been used as a staging area for DR testing (restoring other VMS). § It has one data store. § These vms have been removed. § I have added virtual disks to SUBA-FS1 that are the same size as the total free space and run sysinternals sdelete against the disks, which effectively overwrote all the free space in vmfs. · QUESTION: o can I safely give this server to the new owner? o If so how? · MY THOUGHTS o When I demote the server from domain controller to member server, windows removes active directory info from the machine. o I think that this process wipes the data (deletes it and zeroes out the files and folder so that undelete is not possible) from the disk. o I think that even if the process does not wipe the data, if the folder that contains the active directory data is gone and I run “sdelete –p 5 –c c:” (from sysinternals), then the data will be gone. If there is no secure way to do this, what is the best I can do? I think I am on the right track but I have been doing this long enough to realize that I could be missing something. i am happy to answer follow up questions. Thanks in advance. _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Removing ADS from a Windows machine and giving the machine to someone else No One (Jan 21)
- Re: Removing ADS from a Windows machine and giving the machine to someone else Kurt Buff (Jan 21)