|
|
![]() |
| Thread Tools | Search this Thread |
#1
| |||
| |||
Minimum security settings of computer accounts for allowing domain user account to join domain
I want to configure the security settings for the computer accounts that only allow domain user to join domain. I have tried to create a dummy account using Active Directory Users and Computers > New Computer Wizard and specified a domain user account in the "The following user or group can join this computer to a domain". The domain account is able to join domain but also can modify the computer name, by simply changing the computer name in the Windows client, the computer account will be modified after restart. Does anyone know what is the minimum security settings of the computer account object so that the domain account can only have join domain priviledge and nothing else? Thanks. |
#2
| |||
| |||
I usually dont like to use the Delegation Wizard for many reasons, the same thing can be also done using the Security tab in the Properties of the OU containing the computer accounts. I also do not understand which Properties a user needs to be able to Write to join a computer to a domain, but I do know that atleast some of them are written during the join operation, if I leave out the "Write All Properties", users cannot join the computer to the domain because a subset will work but I dont know which ones. Follow the below for instance:
|
![]() |
|
Thread Tools | Search this Thread |
|
![]() | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Transfer computer and user accounts from one domain to another | MilesAway | Active Directory | 3 | 22-08-2011 12:40 PM |
Join computer to domain without domain admins right | ridergroov | Active Directory | 2 | 09-10-2008 03:08 AM |
Delegate permission let one user to join pc to a domain | Bhuvan | Active Directory | 3 | 19-08-2008 02:21 AM |
Creating a domain account only used to join computers to a domain | kyosang | Active Directory | 4 | 10-02-2007 02:41 AM |
Delegate domain user permission to join domain | BlackSunReyes | Active Directory | 3 | 25-04-2005 01:03 PM |