Adding Computers to the Domain

  • Thread starter Thread starter Alex Anderson
  • Start date Start date
A

Alex Anderson

Hello Everyone,

How do you put up an audit trail within Windows 2000 server to see who
added a computer to the domain? I have a workstation object and I want to
find out who added to the domain by supplying a user and password. Can this
be done?

Thank you
Alex Anderson
 
In the Domain Controller Security Policy enable auditing on account management and
then review your security logs in Event Viewer on the domain controllers for Event ID
645. You can download Event Comb from Microsoft to scan multiple logs for specific
events. Keep in mind that by default a regular user can add up to ten workstations to
the domain. You can change that by removing authenticated users from the user
right -add workstations to the domain in Domain Controller Security Policy. ---
Steve
 
Steve,

So, if the adding of a workstation already happen, by follow your
instructions I can find out who still?

Thank you
Alex Anderson
 
You would already have had to have auditing of account management in place to find
out who added a computer to the domain. However if you go to the computer object in
AD and look in properties/object you will at least know when it was created which may
be a helpful clue. --- Steve
 
Back
Top