Rights to add workstations to domain?

  • Thread starter Thread starter mouser
  • Start date Start date
M

mouser

In starting a job with a new company, I've taken over the
Windows network that consists of 1 A.D. Forest with the
root domain and 4 child domains. I've found that for some
reason, every user account in the Forest has the ability
to add workstations to the domain using any user
credentials. I've checked all Group Policy settings to
make sure that nobody is listed under the "Add
Workstations to Domain" (under User Rights Assignments)
and it shows on all GPO's as "Not Defined".

What else would give all users in the child domains this
ability??
 
The user right you describe applies only to Domain Controller Security Policy. Be
sure to define that user right for administrators only. Any user that has the
permission to create computer objects for the computer container can also join
computer to the domain. If that does not work see link below and set limit to
ero. --- Steve

http://www.jsiinc.com/SUBI/tip4300/rh4321.htm
 
Back
Top