Dailydave mailing list archives

Re: Removing ADS from a Windows machine and giving the machine to someone else


From: Kurt Buff <kurt.buff () gmail com>
Date: Thu, 21 Jan 2016 10:17:13 -0800

I think you should be good to go, but if you want more assurance, you
might wish to ask this question over on the activedir.org mailing
list. There are a fair number of AD heavyweights there.

Kurt

On Wed, Jan 20, 2016 at 8:14 PM, No One <situbu42 () yahoo com> wrote:
Hello all!

Leaving aside hateful thoughts directed at Windows, please consider the
following situation:

GIVENS:
  - I have a client with multiple locations. The client runs Windows
    Active Directory. Each location has an ADS controller.
  - Client sold one part of its biz, SUB A. SUB A's IT components are
    largely contained in its location. SUB A, at its location, has a
    combination file server/AD server (SUBA-FS1).
  - The new owner of SUB A has elected to keep this file server.
  - SUBA-FS1 is running win2k8r2.
  - SUBA-FS1 is a VM running on a VMware 5.0 server (SUBA-ESX1).
  - There are no VMware or VSS snapshots.
  - The new owner won't be getting a backup of SUBA-FS1.
  - SUBA-ESX1 has been used as a staging area for DR testing (restoring
    other VMs).
      * It has one data store.
      * These VMs have been removed.
      * I have added virtual disks to SUBA-FS1 that are the same size as
        the total free space and run Sysinternals sdelete against the
        disks, which effectively overwrote all the free space in VMFS.

QUESTION:
  - Can I safely give this server to the new owner?
  - If so, how?

MY THOUGHTS:
  - When I demote the server from domain controller to member server,
    Windows removes Active Directory info from the machine.
  - I think that this process wipes the data (deletes it and zeroes out
    the files and folder so that undelete is not possible) from the disk.
  - I think that even if the process does not wipe the data, if the folder
    that contains the Active Directory data is gone and I run
    "sdelete -p 5 -c c:" (from Sysinternals), then the data will be gone.

If there is no secure way to do this, what is the best I can do?

I think I am on the right track but I have been doing this long enough to
realize that I could be missing something.

I am happy to answer follow-up questions.

Thanks in advance.



_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
