2000 upgrade - auto join domain

  • Thread starter Thread starter Chad Shutts
  • Start date Start date
C

Chad Shutts

Today I ran into a case where an employee went out and
bought a 2000 upgrade to upgrade their own 98 system.

It appears that the 2000 upgrade automatically joined the
domain (became a member, created a SID). This is not
good in the corporate world..where an end user can just
go by a 2000 upgrade and install it have it automatically
create a machine account without the Network
administration knowing until after the fact.

Is there a way to stop this, before it happens again?
 
Today I ran into a case where an employee went out and
bought a 2000 upgrade to upgrade their own 98 system.

It appears that the 2000 upgrade automatically joined the
domain (became a member, created a SID). This is not
good in the corporate world..where an end user can just
go by a 2000 upgrade and install it have it automatically
create a machine account without the Network
administration knowing until after the fact.

Is there a way to stop this, before it happens again?
Click to expand...

They can't join the domain without a user/password that has permission
to join the domain, at least not that I've seen. What server roles
(groups) is that user a part of, or what user/password did they enter
when asked?
 
they are in one (limited access) group, and have no
access to a admin username and password.

That is why this is so troubling to me. It was a
maitenance man that just went to staples or bestbuy and
bought the upgrade and installed it.
-----Original Message-----
Click to expand...
 
When you have a windows 2000 domain, the default policy is that any domain
user and add upto 10 computers to the domain. You can turn this capability
off by modifying the default domain policy. To do this, under
administative tools open the "Default Domain Policy" and the expand "Local
policies", select "User Rights Assignment", in the right window you will
see a list of rights. One of the rights is "Add Workstations to Domain",
double click and the remove all users and groups that you do not want to
have this capability.




****************************************************************************
*
David Thompson [MSFT]
Microsoft Server Setup Team

Search our Knowledge Base at http://support.microsoft.com/directory
Visit the Windows 2000 Homepage at
http://www.microsoft.com/windows2000/default.asp
See the Windows NT Homepage at http://www.microsoft.com/ntserver/

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose.
The views and opinions expressed in this newsgroup posting are mine and do
not necessarily express or reflect the views and / or opinions of
Microsoft.
****************************************************************************
**
 
Back
Top