# How to leave a workgroup?



## Gorstak (Nov 10, 2018)

Basically having all your devices sharing stuff is nice. Microsoft made something called homegroup which allowed locally connected users to share stuff like pictures, files, printers and so on. Then they decided that idea is silly and moved on to workgroups. Basically, once you create a new user in windows 10, you can opt to join a domain, like your work or school, or, you can be in a workgroup. I have tried googling how to leave it, but I couldn't find a solution. Until today, when I did a clean install and pressed ctrl + shift + F3 on country screen during the setup, which booted me to builtin administrator account, which, surprisingly, doesn't need to join a workgroup, and service that allows browsing devices in a workgroup, called computer browser, does not exist. Depending on your ISP, a workgroup can be a liability, and it was one that bugged me for years. If anyone knows of a better, or proper way to leave it, I'm all ears. I have attached a screenie from my Administrators account.


----------



## Solaris17 (Nov 10, 2018)

You cant. A workgroup is not the same as a home group. workgroup has been around since like windows 98. Home group is what allowed you to share random things with other machines on your network more easily. Workgroup has always existed.

EDIT:: In your case it appears that the underlying services and corresponding registry entries are damaged (this is probably WMI). This is not a good thing, and does not mean you are "ridding yourself of a workgroup" Issues like the one imaged above can cause adverse issues with your machine.

EDIT 2:: you booted into audit mode it seems in which multiple services are disabled so the system can sysprep. That is the reason.



Gorstak said:


> Depending on your ISP, a workgroup can be a liability,



This is also total misinformation.


----------



## Gorstak (Nov 10, 2018)

No, I canceled sysprep...simple click on cancel, not entering audit mode. I hate to be rude, but this is the second time I see you pulling info out of your beep.


----------



## R-T-B (Nov 10, 2018)

Gorstak said:


> Then they decided that idea is silly and moved on to workgroups.



Workgroups have long proceeded homegroups.  Sheesh.  Anyone remember Windows 3.11 for Workgroups?



Gorstak said:


> I hate to be rude, but this is the second time I see you pulling info out of your beep.



Frankly, you've been doing that left and right, so I wouldn't go there.


----------



## Gorstak (Nov 10, 2018)

Great, a troll is all we needed here.


----------



## Solaris17 (Nov 10, 2018)

Gorstak said:


> No, I canceled sysprep...simple click on cancel, not entering audit mode. I hate to be rude, but this is the second time I see you pulling info out of your beep.



Exiting out of sysprep GUI is not 



Gorstak said:


> I canceled sysprep...simple click on cancel, not entering audit mode.



exiting audit mode.

Because



Gorstak said:


> when I did a clean install and pressed ctrl + shift + F3



pressing CTRL+SHIFT+F3 during installation and skipping OOBE is Entering Audit mode.

https://docs.microsoft.com/en-us/wi...re/desktop/boot-windows-to-audit-mode-or-oobe

This is, allows you to make modifications to the OS with minimal services running and non functional features to prepare the OS for image acquisition so that it can be re-deployed to a fleet of machines. (I prefer PXE).

I literally do this like every quarter. You are not meant to run or operate windows in this mode, it is for setup only. Exiting the sys prep prompt does not exit audit mode. Audit mode is enabled until a sysprep is completed, Even if you reboot.


----------



## Gorstak (Nov 10, 2018)

Again. Once you login to admin account, you are OFFERED to enter either oobe cleanup or AUDIT mode. You don't have to do it.


----------



## Solaris17 (Nov 10, 2018)

Gorstak said:


> Again. Once you login to admin account, you are OFFERED to enter either oobe cleanup or AUDIT mode.



No. You are not understanding this technology. Audit mode is the default regardless of if you select it in the sysprep GUI or not. This allows you to reboot the machine if a software installation requires it.

You can just read the technical article I linked regarding sysprep. 

However none of this matters. You cannot get rid of a workgroup, in Windows. Yours does not show up because the services required are not running while you are in Audit mode.

The options to modify workgroup in Windows are as follows.


stay in "workgroup"
Change the name of the "workgroup" to something else
Join a domain instead of a workgroup


----------



## R-T-B (Nov 10, 2018)

Gorstak said:


> Great, a troll is all we needed here.



I'm not trolling (If I ever am, I admit it openly).  I'm stating facts backed by a product that was actaully made refuting your foundations of your argument.

You need to study this more.  No offense or trolling intended.


----------



## Assimilator (Nov 10, 2018)

People, this OP is either a troll, a moron, or a paranoid schizo. Please stop entertaining his drivel.

I already called this out in the previous thread but my post got deleted, because apparently calling a spade a spade is considered rude nowadays.


----------



## Solaris17 (Nov 10, 2018)

Assimilator said:


> because apparently calling a spade a spade is considered rude nowadays.



Yup that was me. Again, try to conform to the forum rules at least. don't let the "dainty" part fool you.


----------



## Bill_Bright (Nov 10, 2018)

Gorstak said:


> Basically, once you create a new user in windows 10, you can opt to join a domain, like your work or school, or, you can be in a workgroup.


Or do neither. Nothing says you have to join a domain or a workgroup.


Solaris17 said:


> You cannot get rid of a workgroup, in Windows.


You can but the process is not straightforward.

What you need to do is rename your computer and reboot. Your computer will no longer be recognized by the workgroup and will not be allowed in. 

Also, see How to Delete Windows Workgroup.


----------



## Solaris17 (Nov 10, 2018)

Bill_Bright said:


> Or do neither. Nothing says you have to join a domain or a workgroup.
> You can but the process is not straightforward.
> 
> What you need to do is rename your computer and reboot. Your computer will no longer be recognized by the workgroup and will not be allowed in.
> ...



Eh thats not exactly right. That ties into what I said here.



Solaris17 said:


> Change the name of the "workgroup" to something else



Pardon me for not being great at explaining this. If you follow that guide, you are doing what I just quoted. What is actually happening though is that "workgroup" is sometimes reffered to as both a name and a function.

You can rename your "workgroup" to say "Alice" However "Alice" is now your "workgroup" it provides the OS and protocols relying on inter workstation communication the same information they need to do their job, its simply no longer called "workgroup".

domains perform a similar function. If you were to go to your system and click advanced under system and went to rename "workgroup" you could also choose a domain. Now while internally domains do a bit more and some of the same a bit differently it doesnt matter for example what the domain is called.

it could be

contoso.com (this shows up alot in MS documentation)
or techpowerup.com

In either case the name is providing the same oppertunity for a network that "shares that name" (for lack of a better word to discribe it) to utilize features that rely on these names.

you never truly get rid of it in that sense. Workgroup in itself is just a default name baked into windows that is utilized by certain feature sets. The name can be changed but there must always be one.

Here is a SS of a server I have in a VM for testing.





A "Workgroup:" and a "Domain:" both expose certain features. However in this case "WORKGROUP" is just a name. You can change the name of course. However you must be part of one or the other and you cannot name it nothing.


----------



## Bill_Bright (Nov 10, 2018)

As I said, it is not straight forward.


Solaris17 said:


> You can rename your "workgroup" to say "Alice" However "Alice" is now your "workgroup" it provides the OS and protocols relying on inter workstation communication the same information they need to do their job, its simply no longer called "workgroup".


True - kind of. Your computer is not really a part of any group - unless you consider 1 computer a "group". Your folders and files and connected printers are no longer being shared. Other computers on your network can no longer access those assets via "their" workgroup. And you can no longer access assets on their workgroup. 

It is kinda (but not really) like being a single computer connected to a router. It is a network of just 1 computer. And while it is networked, there are no other computers it is networked with. It is a LAN with just one computer. 


Solaris17 said:


> Pardon me for not being great at explaining this.


Nothing to be pardoned for. IMO Microsoft messed it all up with nonsensical names and functions that were not intuitive and never really worked properly. I suspect it was their marketing weenies trying to be clever again. 

"Sharing" assets makes sense. And ever since Windows computers supported networking, sharing was possible. But you almost had to be a network engineer and Windows expert to share a folder, drive or printer over your own local network. Workgroups was supposed to make that easy but was never, IMO, properly implemented. I think that is due, in part, because the developers didn't like it because it exposed those shared folders to bad guys - forcing users to become security experts too. 

Personally, I have 6 computers here. If I want to share a folder, I set up sharing on that folder and only let specific users on specific computers have access. For my clients, I insist on putting printers on the network and all users can print to the networked printer instead of any "host" computer opening up sharing. And if they have files they need to share, I set them up with a NAS. I don't want them messing with workgroups - unless they want to assume total responsibility for their own support and security!


----------



## Solaris17 (Nov 10, 2018)

Bill_Bright said:


> unless you consider 1 computer a "group".



Yeah thats what I mean, Just that technically speaking it is part of a "group". Of course if your the only one, then none of the functionality it provides matters, and maybe thats what the OP wants. In which case It might be something for him to consider.


----------



## Gorstak (Nov 10, 2018)

I think I've read somewhere that all that it takes for them to connect to your pc in a workgroup is the same user created on both devices.


----------



## Bill_Bright (Nov 10, 2018)

What I am suggesting is a workgroup of 1 doesn't provide any functionality. 


Gorstak said:


> I think I've read somewhere that all that it takes for them to connect to your pc in a workgroup is the same user created on both devices.


No. Even the default workgroup "workgroup" has to be setup before any other computer can join it. It is not enabled by default with no password, for example. That would be a HUGE security issue if anybody could just connect another computer to the network, guess (or even know) a user name, and get access to everything.


----------



## newtekie1 (Nov 10, 2018)

Bill_Bright said:


> Your folders and files and connected printers are no longer being shared.



This is not true at all.  The workgroup you are in does not affect what you are sharing at all.



Bill_Bright said:


> Other computers on your network can no longer access those assets via "their" workgroup. And you can no longer access assets on their workgroup.



In theory, yes.  However, anything Windows 7 and newer doesn't care about Workgroups.

Lets make this clear, Workgroups makes management and finding resources easier.  However, it does not deny any access to anything, there is no mechanism built into Windows Workgroups that prevent access to any resources.  A computer in WorkgroupA can access all the shared resources from any computer in WorkgroupB.

And now that Windows Network Discovery exists, shared resources from computers in other workgroups show up in network.  Being in a different Workgroup is not a way to deny resources to others.



Gorstak said:


> I think I've read somewhere that all that it takes for them to connect to your pc in a workgroup is the same user created on both devices.



You don't even need that.  I can plug my laptop into your network, even with my laptop in a completely different Workgroup, I don't even need to know what Workgroup your computer is in, and all I need is the username and password you use to log into your computer and I can access every file on your computer.  I do not even have to have the same username and password that matches your on my computer.


----------



## Bill_Bright (Nov 10, 2018)

newtekie1 said:


> This is not true at all. The workgroup you are in does not affect what you are sharing at all.


 See, this is what I mean by it is not straight-forward. It makes it very confusing. newteckie1 is absolutely correct. If you set up "sharing" you don't even need to use a workgroups.

But you can share through workgroups. So if you remove yourself from that workgroup, it does affect those shares.



newtekie1 said:


> A computer in WorkgroupA can access all the shared resources from any computer in WorkgroupB.


Wait! What? No. Two different computers in two different workgroups cannot access all the shared resources.


----------



## newtekie1 (Nov 10, 2018)

Bill_Bright said:


> See, this is what I mean by it is not straight-forward. It makes it very confusing. newteckie1 is absolutely correct. If you set up "sharing" you don't even need to use a workgroups.
> 
> But you can share through workgroups. So if you remove yourself from that workgroup, it does affect those shares.



You can share through Homegroups, not Workgroups.  Of course, Homegroups is now gone.  There is no actual sharing through Workgroups, all Workgroups do is allow computers to be grouped together for easy management. But there is no limit on sharing between different Workgroups.



Bill_Bright said:


> Wait! What? No. Two different computers in two different workgroups cannot access all the shared resources.



Yes, they absolutely can.  There is nothing when setting up shared resource that limits those shared resources to computers in the same Workgroup.


----------



## Solaris17 (Nov 10, 2018)

Bill_Bright said:


> Wait! What? No. Two different computers in two different workgroups cannot access all the shared resources.



They can, but it will ask you to authenticate as a user that does have access to those resources.


----------



## newtekie1 (Nov 10, 2018)

Solaris17 said:


> They can, but it will ask you to authenticate as a user that does have access to those resources.



It should do that even if they are in the same Workgroup.


----------



## R-T-B (Nov 10, 2018)

I have to say, all this confusion about workgroups is giving me serious nostalgia.  I remember learning this when I was an OS/2 aficionado with IBM LAN manager.


----------



## Bill_Bright (Nov 10, 2018)

Solaris17 said:


> They can, but it will ask you to authenticate as a user that does have access to those resources.


Right. That is a HUGE distinction than suggesting any user on computer A in workgroup ABC can access any share on computer X in workgroup XYZ.



newtekie1 said:


> It should do that even if they are in the same Workgroup.


It does. It goes by user too, not just the computer.

*IF* it was so easy for any user of any computer on any workgroup to access files on any computer in any other network - as has been suggested in this thread - it would be a *HUGE* security nightmare Microsoft would have been slammed for relentlessly for years. But that didn't happen because such easy access was never possible.


----------



## newtekie1 (Nov 10, 2018)

Bill_Bright said:


> Right. That is a HUGE distinction than suggesting any user on computer A in workgroup ABC can access any share on computer X in workgroup XYZ.
> 
> It does. It goes by user too, not just the computer.
> 
> *IF* it was so easy for any user of any computer on any workgroup to access files on any computer in any other network - as has been suggested in this thread - it would be a *HUGE* security nightmare Microsoft would have been slammed for relentlessly for years. But that didn't happen because such easy access was never possible.



Yes, you're correct, I should have been more clear.  What I meant was that any computer in WorkgroupA can access the shared resources on any computer in WorkgroupB _as long as they have the proper user credentials_.  Windows sharing and the permissions to access shared resources is based on User credentials. The Workgroups the computers are in do not affect permission to access shared resources at all. That is the important point the OP and a few others in this thread need to understand.  Removing yourself from a Workgroup or changing what Workgroup you are in will not limit anyone's ability to access the shared resources on your computer.  That is not how Windows networking works.


----------



## Bill_Bright (Nov 10, 2018)

newtekie1 said:


> Removing yourself from a Workgroup or changing what Workgroup you are in will not limit anyone's ability to access the shared resources on your computer.


Right. But it could limit what other computers can access on your computer. And that's a good thing.


----------



## newtekie1 (Nov 11, 2018)

Bill_Bright said:


> Right. But it could limit what other computers can access on your computer. And that's a good thing.



No it won't. It will not limit what anyone can access in your computer. The Workgroup does not control that.


----------



## eidairaman1 (Nov 11, 2018)

Solaris17 said:


> You cant. A workgroup is not the same as a home group. workgroup has been around since like windows 98. Home group is what allowed you to share random things with other machines on your network more easily. Workgroup has always existed.
> 
> EDIT:: In your case it appears that the underlying services and corresponding registry entries are damaged (this is probably WMI). This is not a good thing, and does not mean you are "ridding yourself of a workgroup" Issues like the one imaged above can cause adverse issues with your machine.
> 
> ...



It has been around since 3.1


----------



## johnspack (Nov 11, 2018)

He does know that Workgroup is just the default name,  and it can be changed right?  Also nothing can be shared unless you set up shares and set up passwords right?  And this can be used between
windows,  linux and macosx right?  And unless you set anything up,  nothing is accessible on your computer?  Networking 101.   Sorry....


----------



## Regeneration (Nov 11, 2018)

You can't disable Workgroups in Windows. Its part of the network stack since Windows 3.11.

Workgroup is used for LAN (computers on the same local network by subnet).

You can disable network discovery and file sharing to remain hidden from other PCs in the local network.

Workgroups isn't used for WAN (computers on the Internet).

If you worry about network security, enable the modem/router firewall and use a 3rd party software firewall.

If you're paranoid, you can disable the entire SMB protocol and NetBIOS from the network adapter settings.


----------



## dorsetknob (Nov 11, 2018)

Just drop this into the water that flows under the Troll Bridge






Jesus this is all he wanted to know and now its turned into a dogging spot


----------



## Frick (Nov 11, 2018)

dorsetknob said:


> Just drop this into the water that flows under the Troll Bridge
> 
> 
> 
> ...



Unfortunately it is not that simple. If you read the OP (and the other thread) there is some serious confusion going on regarding, well many things. He basically said they replaced Homegroups with Workgroups.



Assimilator said:


> People, this OP is either a troll, a moron, or a paranoid schizo. Please stop entertaining his drivel.
> 
> I already called this out in the previous thread but my post got deleted, because apparently calling a spade a spade is considered rude nowadays.



If by calling someone a spade means seriously suggesting they are schizofrenic or psychotic because they have misunderstood some things, well yes that is pretty hecked rude. I mean I could call you a shitwreck and make the same claim.

I'm learning a lot from the threads, thankd to solaris.


----------



## Bill_Bright (Nov 11, 2018)

newtekie1 said:


> No it won't. It will not limit what anyone can access in your computer. The Workgroup does not control that.


Now you are saying again that any user of any computer on the same network can access your computer even if not in the same workgroup? How?

@dorsetknob - remember, Homegroup and Workgroup are not the same thing.


----------



## MrGenius (Nov 11, 2018)

FYI there is no Homegroup in Windows 10 since version 1803.
https://www.howtogeek.com/fyi/microsoft-just-removed-homegroups-from-windows-10/

So they did _essentially  _replace Homegroup with Workgroup_._ Why? Because Homegroup and Workgroup are _pretty much _ the same thing. And having both would be unnecessarily redundant.


----------



## newtekie1 (Nov 11, 2018)

Bill_Bright said:


> Now you are saying again that any user of any computer on the same network can access your computer even if not in the same workgroup? How?



Because the Workgroup system has no control over sharing.  It is just there to group computers to make larger networks easier to navigate, not to control sharing of resources.  Windows network sharing permissions are Username and Password based, the Workgroup has nothing to do with permissions.

I'll give you an example using two computers.

Computer1
Computer Name: Computer1
WorkGroup: Workgroup1
IP Address: 192.168.1.100
Username: User1
Password: Password1

Computer2
Computer Name: Computer2
Workgroup: Workgroup2
IP Address: 192.168.1.101
Username: HLJOIJKMOMIOJ
Password: HOJMKOMHOMKIHOIH

Now, we'll say Computer1 is sharing resources, say a printer and a folder containing some files.  Computer2 can access all of those shared resources.  Type \\192.168.1.100 into Explorer, it will ask you for the username and password of Computer1, after you enter those you get access to the shared resources.  The Workgroup has nothing to do with that.  You can also type \\Computer1 and get the same thing, again the Workgroup doesn't matter here.  This is seriously Windows networking 101.  Even if Computer1 has network discovery turned off, it will still show up this way.

Sure, you can say "but you have to know the other computer's IP address or computer name".  Yep, and there are an insane number of free network scanners that will give you that information.


----------



## Bill_Bright (Nov 11, 2018)

The problem with your scenario is you are assuming User 1 on Computer 1 opened up sharing to everyone. When I open up sharing to a fold on my computer, it is only to specific users. But that's me.


newtekie1 said:


> Sure, you can say "but you have to know...


Yeah, if you say "if" this and "if" that and "if" this other thing is set up here and that is set up there. But that is a convoluted set of circumstances that must be in place. Entirely possible? Sure. But automatic such that your computer is left wide open to any other computer on that network? No. 

In any case, this just demonstrates all the confusion out there.


MrGenius said:


> FYI there is no Homegroup in Windows 10 since version 1803.


 As mentioned multiple times in this thread (1) Homegroups and Workgroups are NOT the same thing and (2) yes, we already know W10 no longer supports them. Even adding to your post to say they are "pretty much" the same thing is a stretch. They use totally separate technologies and different network protocols. Homegroups require passwords, workgroups don't. There are many other differences. 

But of course and right along with Microsoft's horrible tradition of using similar (or even the exact same) names for different features and programs, it just further confuses the issue with their similar names.


----------



## newtekie1 (Nov 11, 2018)

Bill_Bright said:


> The problem with your scenario is you are assuming User 1 on Computer 1 opened up sharing to everyone. When I open up sharing to a fold on my computer, it is only to specific users. But that's me.



No, I didn't.  Read it again, I'm very clear about the user name being required.  Again, like I explained, sharing permissions is username/password based, not Workgroup based.

Again, your original statement was that simply changing the Workgroup you are in somehow limits what a person can access on your computer.  That is what is not true and what I'm correcting.  Anyone with the necessary user credentials to your computer can access it if they are on the same network regardless of what Workgroup each computer is in.



Bill_Bright said:


> Yeah, if you say "if" this and "if" that and "if" this other thing is set up here and that is set up there. But that is a convoluted set of circumstances that must be in place. Entirely possible? Sure. But automatic such that your computer is left wide open to any other computer on that network? No.



I never said it was left wide open.  Again, I'm only correcting the misinformation, that you posted as well as others, that changing your Workgroup somehow limits access to your computer.  It does not in any way.  If they have access to your computer when it is in the same Workgroup, they will have the same access to your computer when it is in a different Workgroup.


----------



## Regeneration (Nov 11, 2018)

Workgroup is just a friendly name for network grouping. PCs from one workgroup can view and access another. It is user/password based.

Every Windows PC must have a unique name and membership for domain OR workgroup.


----------



## MrGenius (Nov 11, 2018)

This





Bill_Bright said:


> Even adding to your post to say they are "pretty much" the same thing is a stretch. They use totally separate technologies and different network protocols. Homegroups require passwords, workgroups don't. There are many other differences.


You need one or the other to do the same things = they are pretty much the same thing.

Differences? Yeah...so what? Flour tortillas are different than corn tortillas. But you can put the same shit in either one and get the job done. There's equally no point in getting all hyper-technical about the differences between a homegroup and a workgroup. And IS WHY homegroup is history.


----------



## Bill_Bright (Nov 11, 2018)

newtekie1 said:


> Anyone with the necessary user credentials to your computer can access it if they are on the same network


I agree with this completely and just think we are barking up different sides of the same tree (mostly my fault). In any case, I would not and don't use homegroups or workgroups. There are better, more secure ways to share resources.


newtekie1 said:


> This is seriously Windows networking 101. Even if Computer1 has network discovery turned off, it will still show up this way.


I agree but showing up, or being able to see other computers on the network is totally different than gaining access (even Read only access) to the files on that computer. As you noted, you would still have to have the necessary credentials.


MrGenius said:


> Differences? Yeah...so what? Flour tortillas are different than corn tortillas.


So what? Because flour tortillas are totally different than corn. Stuff meat in a rolled up flour tortilla, smother in sauce and cheese and you got a burrito. Stuff it in a corn tortilla and smother in sauce and cheese and you got an enchilada. Surely you see the difference?


----------



## newtekie1 (Nov 11, 2018)

Bill_Bright said:


> As you noted, you would still have to have the necessary credentials.



Yep, and that is the main point I'm making, access to shared resources is governed by credentials, not Workgroups in any way.


----------



## R-T-B (Nov 11, 2018)

Bill_Bright said:


> Now you are saying again that any user of any computer on the same network can access your computer even if not in the same workgroup? How?



by ip with a valid username and password?

Workgroup is really just a logical grouping.  That's all.



MrGenius said:


> Because Homegroup and Workgroup are _pretty much _ the same thing.



No, they aren't.



MrGenius said:


> You need one or the other to do the same things



No, you don't.  I can share files to another system without being a member of the same workgroup or a homegroup.

I can be in a workgroup and have no file shares.

I can't do that with a homegroup as the whole idea is different.

Homegroups were introduced for small file sharing scenarios.  NASes killed them, not redundancy.


----------



## Frick (Nov 11, 2018)

R-T-B said:


> Homegroups were introduced for small file sharing scenarios.  NASes killed them, not redundancy.



I always had a vague idea it had to do with the SMB 1.0 deprecition. Is NASes really used as a substitute for networking these days? I mean it makes sense, but I never thought about it up to now.


----------



## R-T-B (Nov 11, 2018)

Frick said:


> I always had a vague idea it had to do with the SMB 1.0 deprecition. Is NASes really used as a substitute for networking these days? I mean it makes sense, but I never thought about it up to now.



Not for networking but for small office/home sharing people will go NAS way before trying homegroup.

Technically homegroup can work with SMB2+.  MS had no interest though.


----------

