Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Minimum security settings of computer accounts for allowing domain user account to join domain

Active Directory


Reply
 
Thread Tools Search this Thread
  #1  
Old 18-08-2008
Member
 
Join Date: Aug 2005
Posts: 257
Minimum security settings of computer accounts for allowing domain user account to join domain

I want to configure the security settings for the computer accounts that only allow domain user to join domain. I have tried to create a dummy account using Active Directory Users and Computers > New Computer Wizard and specified a domain user account in the "The following user or group can join this computer to a domain". The domain account is able to join domain but also can modify the computer name, by simply changing the computer name in the Windows client, the computer account will be modified after restart. Does anyone know what is the minimum security settings of the computer account object so that the domain account can only have join domain priviledge and nothing else? Thanks.

Reply With Quote
  #2  
Old 18-08-2008
Member
 
Join Date: Sep 2005
Posts: 226
I usually dont like to use the Delegation Wizard for many reasons, the same thing can be also done using the Security tab in the Properties of the OU containing the computer accounts. I also do not understand which Properties a user needs to be able to Write to join a computer to a domain, but I do know that atleast some of them are written during the join operation, if I leave out the "Write All Properties", users cannot join the computer to the domain because a subset will work but I dont know which ones. Follow the below for instance:
  1. First of all, in the Security tab, click Advanced.
  2. After that click Add.
  3. Now you need to key the name of the user or group you want to grant the permissions to; click OK
  4. After that from the Apply onto: box, select Computer Objects
  5. Now you can add check marks in the Allow column in these rows:
    Write All Properties (or select the Properties tab to grant Write to only those that are required)
    Reset Password
    Validate write to DNS host name
    Validate write to service principal name
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Minimum security settings of computer accounts for allowing domain user account to join domain"
Thread Thread Starter Forum Replies Last Post
Transfer computer and user accounts from one domain to another MilesAway Active Directory 3 22-08-2011 12:40 PM
Join computer to domain without domain admins right ridergroov Active Directory 2 09-10-2008 03:08 AM
Delegate permission let one user to join pc to a domain Bhuvan Active Directory 3 19-08-2008 02:21 AM
Creating a domain account only used to join computers to a domain kyosang Active Directory 4 10-02-2007 01:41 AM
Delegate domain user permission to join domain BlackSunReyes Active Directory 3 25-04-2005 01:03 PM


All times are GMT +5.5. The time now is 06:21 PM.