Prevent user from adding PC to a domain

  • Thread starter Thread starter Stephen Stormont
  • Start date Start date
S

Stephen Stormont

I know that any user account (even non-admin accounts)can add a Windows
2000 PC to a domain, but is there anyway to prevent this?

Steve
 
Stephen Stormont said:
I know that any user account (even non-admin accounts)can add a Windows
2000 PC to a domain, but is there anyway to prevent this?
Click to expand...


Yes. I cannot recall the setting, but there is one -- in Group Policy
I believe -- to make it work like NT. (Only those with rights, or
explicit permissions on an OU, can add.)

Thought it might help you to know it existed even if I couldn't
remember the setting name or location.
 
I found the setting. Thanks.

Steve
Herb Martin said:
Yes. I cannot recall the setting, but there is one -- in Group Policy
I believe -- to make it work like NT. (Only those with rights, or
explicit permissions on an OU, can add.)

Thought it might help you to know it existed even if I couldn't
remember the setting name or location.
Click to expand...
 
FYI the user right you found for "add workstations to the domain" must be configured
at the domain controller level such as Domain Controller Security Policy. It will be
ignored at other levels such as domain. --- Steve
 
Stephen Stormont said:
I found the setting. Thanks.
Click to expand...

You're welcome.

It's consider good form when you find something like
this to include the reference -- I appreciate the "thanks"
but the technical information you found would be more
important to those who help or seek help here....
 
Back
Top