
 #1  
04-22-05, 02:49 PM
BoneMan
How can I remove the right that users have to join our domain? I run a 2000
Domain in a school and at the moment everyone and his dog can join the domain,
as the default is 10 machines per user. I want to restrict this right to the
Domain admins group in the default domain policy!? New computers appear in
the default computers folder in Users and computers. Can I set up a policy
that sends these objects (computers) directly to an OU which is preconfigured
with restrictions in addition to the default domain Policy??? I should know
the answer to this but am somewhat under stress at the moment. I know I'm
going to kick myself.... Many thanks in Advance.
 #2  
04-22-05, 07:35 PM
Judith Herman (MSFT)
Have you tried setting the "Add workstations to domain" policy?

--------------------- policy description from help file ---------------------
Add workstations to domain
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Description
Determines which groups or users can add workstations to a domain.

This policy is valid only on domain controllers. By default, any
authenticated user has this right and can create up to 10 computer accounts
in the domain.

Adding a computer account to the domain allows the computer to participate
in Active Directory-based networking. For example, adding a workstation to a
domain enables that workstation to recognize accounts and groups that exist
in Active Directory.

Default: Authenticated Users.

Note

- Users who have the Create Computer Objects permission on the Active
Directory computers container can also create computer accounts in the
domain. The distinction is that users with permissions on the container are
not restricted to the creation of only 10 computer accounts. In addition,
computer accounts that are created by means of "Add workstations to domain"
have Domain Administrators as the owner of the computer account, while
computer accounts that are created by means of permissions on the computers
container have the creator as the owner of the computer account. If a user
has permissions on the container and also has the "Add workstations to
domain" user right, the computer is added, based on the computer container
permissions rather than on the user right.
For more information, see:

Security Configuration Manager Tools in help.
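
One way to check the result of the setting discussed above, as an added example that is not part of the original thread: the script reads a user-rights export and reports whether "Add workstations to domain" is still held by a broad group. It assumes the export was produced on a domain controller with `secedit /export /cfg <file> /areas USER_RIGHTS` and already decoded to text, and that the right appears under its constant name `SeMachineAccountPrivilege`; the sample exports and the domain SID are constructed.

```python
import re

# Well-known SIDs for groups that cover (nearly) every account.
BROAD_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "BUILTIN\\Users",
}
# Domain Users is <domain SID>-513.
DOMAIN_USERS = re.compile(r"^S-1-5-21-\d+-\d+-\d+-513$")
BROAD_NAMES = {"everyone", "authenticated users", "users", "domain users"}

def privilege_holders(inf_text, privilege="SeMachineAccountPrivilege"):
    """Principals listed for one user right; None if the export has no line for it."""
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == privilege.lower():
                # SIDs are written as *S-1-...; unresolved entries appear as names.
                return [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return None

def broad_holders(holders):
    """Subset of holders that are broad groups rather than an admin group."""
    found = []
    for h in holders or []:
        if h in BROAD_SIDS:
            found.append(BROAD_SIDS[h])
        elif DOMAIN_USERS.match(h):
            found.append("Domain Users")
        elif h.split("\\")[-1].lower() in BROAD_NAMES:
            found.append(h)
    return found

# Constructed sample exports (the domain SID is made up).
DEFAULT_EXPORT = """[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeMachineAccountPrivilege = *S-1-5-11
[Version]
signature="$CHICAGO$"
"""
RESTRICTED_EXPORT = DEFAULT_EXPORT.replace(
    "*S-1-5-11", "*S-1-5-21-1111111111-2222222222-3333333333-512")

if __name__ == "__main__":
    for label, text in (("default", DEFAULT_EXPORT), ("restricted", RESTRICTED_EXPORT)):
        holders = privilege_holders(text)
        print(label, holders, "BROAD:", broad_holders(holders))
```

A clean result here covers only the user right. Accounts created through the Create Computer Objects permission on the computers container are a separate path, as the help text above notes, and need their own check.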