"add workstations to domain" group policy restriction

  • Thread starter Thread starter Johnny Chow
  • Start date Start date
J

Johnny Chow

Hi,
I want to prevent people to add computer or remove computer from
network. I saw domain and domain controler group policies, "user
rights" -> "add worksttations to domain" so I removed everything and
added only my user ID with Admin privilege into the list. However, I
still can add computer to domain by using regular domain user. Is there
anything I need to do besides domain and domain controller policies.
I curious which group policy has higher precedence. Any help or
information will be appreciated to restrict add and remove workstations
to domain.

Thank you in advance,

Regards,

Johnny Chow
 
Hi Johnny.

Try do that in Domain Controllers Security Policy and then running " secedit
/refreshpolicy machine_policy /enforce" on the domain controller when done.
Also be sure that the user is not a member of any domain administrator
groups. --- Steve
 
Hi Steven,

I tried it out and unforturnately it did not work. Somehow I do not
understand what you mean "the user is not a member of any domain
administrator." Do you imply I should use any regular user account to
logon to the doman controller and running "secedit /refreshpolicy
machine_policy /enforce".

Thank you,

Johnny Chow
 
Back
Top