Hello Glen,
By default each domain user is able to add up to 10 computers to the domain,
check all your policies, start with Default domain controllers GPO.
Under Computer configuration, windows settings, security settings, local
policies, user rights assignment, in the right pane check "Add workstations
to the domain". By default authenticated users are listed there.
See also:
http://support.microsoft.com/kb/243327/en-us
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
> I've been struggling with this for awhile so I'll ask for help.
>
> Currently, the Computer OU is the default container where new computer
> accounts are added. The problem is, I end up with all sorts of
> accounts there and they are never moved to the right OU.
>
> I would like to require that the computer account be created first, or
> at least restrict access to the default Computers OU so new accounts
> can not be created by non-domain admins.
>
> I don't see anything security settings in the ACL that should allow
> accounts to be created by non-admins but it still seems to be
> happening. The only account that I think might be allowing this to
> happen is the System Account which has Full Control but I"m leary to
> change the settings on that.
>
> My goal is that if a new computer is added to the domain by a
> non-admin, they would be restricted from adding the account and would
> have to contact their administrator to manually make the account ahead
> of time.
>
> Any help would be appreciated.
>
> Thanks.
>
Similar Threads
Linear Mode
