Question What is dsregcmd & why is it on my computer?

[johnemillere147]

what is dsregcmd and why is it on my single user computer?
I am the administer.

 

[USAFRet]

what is dsregcmd and why is it on my single user computer?
I am the administer.

Which specific OS version is this, and where did it come from?

 

[johnemillere147]

It is Windows 10 Home, Version 1803, Build 17134.48.
It was purchased from Newegg in February 2016

dsregcmd appeared on my system approx 2 weeks ago and would appear whenever I started my computer.

It appears that it was assigning/registering my computer to be a part of Microsoft's Azure Active Directory thru it's domain manager, which it should not since this is a stand alone computer, not part of a domain.

I became suspicious recently because my system is not installing Windows updates and was giving me a notification to contact the system administrator, which is me. I removed the group policy that mystically appeared at about the same time.

Regards
John

Is the bomb in your attached picture, by any chance a MOAB?

 

[USAFRet]

What's the state of your antivirus?
What indications does it give you about not getting regular Windows updates?

And that's an AGM-158 cruise missile. Not a MOAB.

 

[Colif]

See if this helps -

run taskschd.msc

find: microsoft - windows - workplace join

disable the tasks which is using dsregcmd.exe

https://answers.microsoft.com/en-us/windows/forum/all/cwindowssystem32dsregcmdexe-pops-up-on-starting/cc77612b-ff15-4653-84e0-fad5eefa31e9

its on PC as its part of windows 10 - http://exescan.net/exes/d/dsregcmd-exe-file

 

[johnbl]

it is on my machine, running it indicates that i am logged into a microsoft account but not joined to azure.
seems to be correct.


Directory of c:\Windows\System32

09/15/2018 12:29 AM 954,368 dsregcmd.exe
1 File(s) 954,368 bytes


c:\>dsregcmd.exe /?
DSREGCMD switches
/? : Displays the help message for DSREGCMD
/status : Displays the device join status
/status_old : Displays the device join status in old format
/join : Schedules and monitors the Autojoin task to Hybrid Join the device
/leave : Performs Hybrid Unjoin
/debug : Displays debug messages

c:\>dsregcmd.exe /status

+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+

AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : NO

+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+

NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : YES
WamDefaultAuthority : consumers
WamDefaultId : https://login.microsoft.com
WamDefaultGUID : {D7F9888F-E3FC-49B0-9EA6-A85B5F392A4F} (MicrosoftAccount)

+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+

AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO

+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+

IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision


c:\>dsregcmd.exe /debug
dsregcmd::wmain logging initialized.
PreJoinChecks Complete.
preCheckResult: DoNotJoin
isPrivateKeyFound: undefined
isJoined: undefined
isDcAvailable: undefined
isSystem: NO
keyProvider: undefined
keyContainer: undefined
dsrInstance: undefined
elapsedSeconds: 0
resultCode: 0x1
The device can NOT be joined. The process MUST run as NT AUTHORITY\SYSTEM.