I want to configure the security settings for the computer accounts that only allow domain user to join domain. I have tried to create a dummy account using Active Directory Users and Computers > New Computer Wizard and specified a domain user account in the "The following user or group can join this computer to a domain". The domain account is able to join domain but also can modify the computer name, by simply changing the computer name in the Windows client, the computer account will be modified after restart. Does anyone know what is the minimum security settings of the computer account object so that the domain account can only have join domain priviledge and nothing else? Thanks.