Instrumentation techs cannot rejoin data network
I am running a Windows NT network. We have a SCADA (supervisory control and data acquisition) system in place that runs on its own workgroup. The laptop PCs that our instrumentation department uses have Windows XP Pro installed on them. The instrument techs switch between the data network (domain) and the SCADA network (workgroup) frequently.
When the instrument techs want to join the SCADA workgroup, they are able to drop the domain (they are local admins) and join the SCADA workgroup, and all works well. However, they cannot join the domain again when they need to because they are not domain administrators! I checked Server Manager and I see their workstations there, so I don't understand why they can't simply change back to the domain. Any ideas?
The system account still remains in the domain even after the client switches to the workgroup. However, you have to grant the user full domain administrative privileges to be able to rejoin the domain. That's a limitation with Windows NT -- no individual administrative privilege delegation capability. In an NT domain, I don't know of a means to resolve the problem, other than granting end users full admin access, which is a security violation, a political issue and not a wise activity to take in most environments.
This was first published in October 2002