Question What is dsregcmd & why is it on my computer?


Mar 13, 2016
It is Windows 10 Home, Version 1803, Build 17134.48.
It was purchased from Newegg in February 2016

dsregcmd appeared on my system approx 2 weeks ago and would appear whenever I started my computer.

It appears that it was assigning/registering my computer to be a part of Microsoft's Azure Active Directory thru it's domain manager, which it should not since this is a stand alone computer, not part of a domain.

I became suspicious recently because my system is not installing Windows updates and was giving me a notification to contact the system administrator, which is me. I removed the group policy that mystically appeared at about the same time.


Is the bomb in your attached picture, by any chance a MOAB?

it is on my machine, running it indicates that i am logged into a microsoft account but not joined to azure.
seems to be correct.

Directory of c:\Windows\System32

09/15/2018 12:29 AM 954,368 dsregcmd.exe
1 File(s) 954,368 bytes

c:\>dsregcmd.exe /?
DSREGCMD switches
/? : Displays the help message for DSREGCMD
/status : Displays the device join status
/status_old : Displays the device join status in old format
/join : Schedules and monitors the Autojoin task to Hybrid Join the device
/leave : Performs Hybrid Unjoin
/debug : Displays debug messages

c:\>dsregcmd.exe /status

| Device State |

AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : NO

| User State |

NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : YES
WamDefaultAuthority : consumers
WamDefaultId :
WamDefaultGUID : {D7F9888F-E3FC-49B0-9EA6-A85B5F392A4F} (MicrosoftAccount)

| SSO State |

AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO

| Ngc Prerequisite Check |

IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision

c:\>dsregcmd.exe /debug
dsregcmd::wmain logging initialized.
PreJoinChecks Complete.
preCheckResult: DoNotJoin
isPrivateKeyFound: undefined
isJoined: undefined
isDcAvailable: undefined
isSystem: NO
keyProvider: undefined
keyContainer: undefined
dsrInstance: undefined
elapsedSeconds: 0
resultCode: 0x1
The device can NOT be joined. The process MUST run as NT AUTHORITY\SYSTEM.