G
Guest
Have some questions concerning Active Directory and Policies.
- Right to create/delete computer objects.
I set this parameter for the "Authenticated Users" on the "Computer"
container in "Active Directory Users and Computers". It seemed to work for a
while. Users could join their Windows 2000 computer to the domain when they
needed to reinstall their PC. But I realized in the last weeks that I needed
to give the user admin rights for this operation because it did no longer
work. What is wrong or what should I also check ? Or is that different with
Windows 2003 servers ? (my source: Q251335)
- Domain Users are member of the local Administrator group of each workstation
This has been set according the Q320065 Microsoft article that describes how
to configure a global group local to be member of the Administrators group of
all workstations by using restricted groups configuration in a policy. That
works fine for mostly all the computers but we found out that we could not
install software on some computers when using a domain user account. We
verified on the local workstation that the domain user group was member of
the administrator group and it was. So why ?
- xxx.local or xxx domain
When joining a workstation (and create a WS account) to the domain, we found
out that we had to enter "xxx.local" as the domain name in some locations
(Windows 2003 DC servers) and only "xxx" in other locations (Windows 2000 DC
servers) when entering credentials. Why ?
- Are computer/user informations stored somewhere in AD ?
We have the impression that some informations like DNS entries of a computer
are stored somewhere in AD because when we reinstall the whole PC, these
informations are still available even if the default installation does not
contain such informations (these informations were manually added). We do not
use profiles. How can we explain this ?
Thanks for any reply
Nicolas
- Right to create/delete computer objects.
I set this parameter for the "Authenticated Users" on the "Computer"
container in "Active Directory Users and Computers". It seemed to work for a
while. Users could join their Windows 2000 computer to the domain when they
needed to reinstall their PC. But I realized in the last weeks that I needed
to give the user admin rights for this operation because it did no longer
work. What is wrong or what should I also check ? Or is that different with
Windows 2003 servers ? (my source: Q251335)
- Domain Users are member of the local Administrator group of each workstation
This has been set according the Q320065 Microsoft article that describes how
to configure a global group local to be member of the Administrators group of
all workstations by using restricted groups configuration in a policy. That
works fine for mostly all the computers but we found out that we could not
install software on some computers when using a domain user account. We
verified on the local workstation that the domain user group was member of
the administrator group and it was. So why ?
- xxx.local or xxx domain
When joining a workstation (and create a WS account) to the domain, we found
out that we had to enter "xxx.local" as the domain name in some locations
(Windows 2003 DC servers) and only "xxx" in other locations (Windows 2000 DC
servers) when entering credentials. Why ?
- Are computer/user informations stored somewhere in AD ?
We have the impression that some informations like DNS entries of a computer
are stored somewhere in AD because when we reinstall the whole PC, these
informations are still available even if the default installation does not
contain such informations (these informations were manually added). We do not
use profiles. How can we explain this ?
Thanks for any reply
Nicolas