2000 upgrade - auto join domain

C

Chad Shutts

Today I ran into a case where an employee went out and
bought a 2000 upgrade to upgrade their own 98 system.

It appears that the 2000 upgrade automatically joined the
domain (became a member, created a SID). This is not
good in the corporate world..where an end user can just
go by a 2000 upgrade and install it have it automatically
create a machine account without the Network
administration knowing until after the fact.

Is there a way to stop this, before it happens again?
 
L

Leythos

Today I ran into a case where an employee went out and
bought a 2000 upgrade to upgrade their own 98 system.

It appears that the 2000 upgrade automatically joined the
domain (became a member, created a SID). This is not
good in the corporate world..where an end user can just
go by a 2000 upgrade and install it have it automatically
create a machine account without the Network
administration knowing until after the fact.

Is there a way to stop this, before it happens again?
Click to expand...

They can't join the domain without a user/password that has permission
to join the domain, at least not that I've seen. What server roles
(groups) is that user a part of, or what user/password did they enter
when asked?
 
C

Chad Shutts

they are in one (limited access) group, and have no
access to a admin username and password.

That is why this is so troubling to me. It was a
maitenance man that just went to staples or bestbuy and
bought the upgrade and installed it.
-----Original Message-----
Click to expand...
 
D

David Thompson

When you have a windows 2000 domain, the default policy is that any domain
user and add upto 10 computers to the domain. You can turn this capability
off by modifying the default domain policy. To do this, under
administative tools open the "Default Domain Policy" and the expand "Local
policies", select "User Rights Assignment", in the right window you will
see a list of rights. One of the rights is "Add Workstations to Domain",
double click and the remove all users and groups that you do not want to
have this capability.




****************************************************************************
*
David Thompson [MSFT]
Microsoft Server Setup Team

Search our Knowledge Base at http://support.microsoft.com/directory
Visit the Windows 2000 Homepage at
http://www.microsoft.com/windows2000/default.asp
See the Windows NT Homepage at http://www.microsoft.com/ntserver/

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose.
The views and opinions expressed in this newsgroup posting are mine and do
not necessarily express or reflect the views and / or opinions of
Microsoft.
****************************************************************************
**
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

upgrade to 2000 joining a domain while maintaining workgroup 2
Domain upgrade/network interface drivers 2
Using Windows 2000 server as a BDC in an NT Domain 2
Upgrading Domain 8
Windows 2000 Upgrade 1
2003 CA in 2000 Domain 10
Upgrade Windows 2000 domain to Windows 2003 domain 3
upgrade from NT 4 TO Wins 2000 1

Top