Enterprise computer networks often rely on a domain controller such as Active Directory® from Microsoft Corporation to manage security aspects of the network. The domain controller manages a logical group of computers and devices on the network as a domain. Each computer and each user are individually authenticated and granted an “account” which gives them access to network resources when they are added to the domain.
The computer accounts provide a means for authenticating computers connecting to the network, and for denying access to computers for which a computer account has not been provided. Thus, computer accounts are distinct from user accounts, which generally allow users to access a domain's network from any computer on the domain. Only authenticated users given domain administrator privileges can issue computer accounts to add a computer to the domain. Like user accounts, computer accounts may be authenticated using passwords. Computer account passwords are maintained and managed by the computer's operating system in a manner generally transparent to the user. In systems running Microsoft Windows operating systems, the computer account password is maintained in a system registry database that is managed by the operating system. Microsoft Windows operating systems typically maintain the current computer account password and only the most recent computer account password in the system registry.
Computer account passwords are generally computer-generated (for example, as a 128-bit or larger random number) without user input at a configurable periodic interval (for example, a periodic interval determined by a registry database variable such as MaximumPasswordAge) according to a domain policy. In Microsoft Windows® operating systems, the computer account password is stored as a secret (for example, $MACHINE.ACC) in a part of the registry database that is secure, such as the Local Security Authority (LSA) Policy Database. Although this discussion relates specifically to Microsoft's implementation of domain-architected networks and operating systems, it should be understood that the principles described herein apply equally to other domain controller software and other guest operating systems.
In virtualized computer systems, virtual disk image files maintained by the virtualization software contain images of virtual disks. Each virtual disk may be accessed by a guest operating system running inside a virtual machine as though it is a physical disk. However, read and write requests to various sectors of the virtual disk issued by the virtual machine are mapped to specific offsets within the corresponding virtual disk image file. Because the virtual disk image is stored as a file by the virtualization software, it is a fairly simple matter to take a snapshot of the virtual machine at a particular point in time to preserve the state of the virtual machine, so that changes made after the snapshot is taken can be discarded. This might be useful in many circumstances. For example, a virtual machine that becomes corrupted may be reverted to the previous snapshotted state to recover data that may otherwise be lost.
A snapshot preserves the state and data of a virtual machine at a specific point in time. The state of the virtual machine includes the virtual machine's power state (powered on, powered off, suspended, etc.), contents of its memory (including random access memory, the processor contents, etc.) and disk state. When a virtual machine is powered off, the state is primarily the contents of the virtual disk.
Snapshots may be implemented in various ways, which are generally known in the art. See, for example, “Understanding and Exploiting Snapshot Technology for Data Protection, Part 1: Snapshot Technology Overview” (IBM, Apr. 26, 2006) for exemplary techniques for implementing snapshots. In one implementation, a virtual disk image file is snapshotted by simply setting the file as read-only and redirecting all future writes to a new file. The new file, sometimes referred to as a redo log or copy-on-write table, contains only changes to the snapshot image. Future reads are directed to the new file when the disk sector being read has been modified since the snapshot was taken, and to the snapshot file when the disk sector being read has not been modified.
When a virtual disk is reverted to a previous state defined by a snapshot, all the changes to the virtual disk since the snapshot was taken are discarded. This includes new computer account passwords stored in the system registry by the guest operating system. Potentially, this can cause a computer to lose access to the domain, which would require a domain administrator to reset the computer account for that computer.
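The redo-log snapshot and the effect of a revert on the stored computer account password can be modeled in a few lines. This is an added example, not part of the original document; `CowDisk`, `REGISTRY_SECTOR`, `rotate` and `can_authenticate` are hypothetical names, and the domain controller is reduced to a dictionary that, as a simplifying assumption, accepts only the most recently set password.

```python
import secrets

REGISTRY_SECTOR = 7  # constructed: sector standing in for the stored machine secret

class CowDisk:
    """Virtual disk: read-only snapshot image plus a redo log of later writes."""
    def __init__(self):
        self.base = {}    # sector -> value; frozen once a snapshot is taken
        self.redo = None  # sector -> value written since the snapshot

    def snapshot(self):
        if self.redo is not None:
            raise RuntimeError("nested snapshots are out of scope here")
        self.redo = {}    # base is now read-only; writes are redirected

    def write(self, sector, value):
        (self.base if self.redo is None else self.redo)[sector] = value

    def read(self, sector):
        # Sectors modified since the snapshot come from the redo log.
        if self.redo is not None and sector in self.redo:
            return self.redo[sector]
        return self.base.get(sector)

    def revert(self):
        if self.redo is None:
            raise RuntimeError("no snapshot to revert to")
        self.redo = {}    # discard every change made since the snapshot

def rotate(disk, dc):
    """Guest generates a 128-bit password, keeps current + previous, updates the DC."""
    current, _ = disk.read(REGISTRY_SECTOR) or (None, None)
    new = secrets.token_bytes(16)
    disk.write(REGISTRY_SECTOR, (new, current))
    dc["expected"] = new  # assumption: DC accepts only the latest password

def can_authenticate(disk, dc):
    # Guest offers its current and previous password; nothing older is stored.
    return dc["expected"] in (disk.read(REGISTRY_SECTOR) or ())

def demo():
    disk, dc = CowDisk(), {"expected": None}
    rotate(disk, dc)                      # machine joined, first password set
    disk.snapshot()
    rotate(disk, dc); rotate(disk, dc)    # two scheduled changes after the snapshot
    before_revert = can_authenticate(disk, dc)
    disk.revert()
    return before_revert, can_authenticate(disk, dc)

if __name__ == "__main__":
    print(demo())
```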