but I cannot interpret them), plus these three which definitely seem to be relevant. in post_reboot.txt2: HKLM\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Sidcache "MachineSid"=hex:<data - not shown> HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETLOGON\0000\Control "ActiveService"="NetLogon" HKLM\SYSTEM\ControlSet001\Services\NetLogon "start"=dword:2 in pre_reboot.txt2: HKLM\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Sidcache no "MachineSid" value HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETLOGON\0000\Control "ActiveService"="Netlogon" HKLM\SYSTEM\ControlSet001\Services\NetLogon "start"=dword:2 in before_join.txt2 HKLM\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Sidcache no "MachineSid" value HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETLOGON\0000\Control no "ActiveService" value HKLM\SYSTEM\ControlSet001\Services\NetLogon "start"=dword:3 It looks like the initial step in the netlogon is to change the 3rd and 2nd values. Not clear where the logon credentials are stored. Then at reboot the MachineSid is returned by the Samba server to the client, presumably very early in the boot process. The MachineSid on two client machines differed, although only in a few digits. That suggests that one should be able to able to join an XP machine by doing something on the Samba server (maybe just: smbpasswd -a -m MACHINE$ ?) and then on the client do three reg add commands to set it to the appropriate state, and reboot. That would be really convenient since the cloning process running under linux could easily write a runonce file with these commands into the Windows partition. However, I do not see a place on the server side to retrieve the MachineSid for a particular workstation. If it is in smbpasswd, it is encrypted. Regards, David Mathog mathog at caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech