Letting Techs add a computer account to the domain

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

We are trying to come up with a way that our PC Techs can add a computer
account to the domain, but not have any other Administrative rights to the
domain. Is there a way to do this with NT Server 4.0?

We have had a breach of security here, since the administrator password was
known. Now that it has been changed the network admin is the only person to
be able to add computers to the domain. We need a way the Techs can do this
instead to speed up the process.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

A user right exists called "add workstations to domain".

"Charlie E Roberts" <croberts@#Columbusga.org> wrote in message news:
> We are trying to come up with a way that our PC Techs can add a
computer
> account to the domain, but not have any other Administrative rights to
the
> domain. Is there a way to do this with NT Server 4.0?
>
> We have had a breach of security here, since the administrator
password was
> known. Now that it has been changed the network admin is the only
person to
> be able to add computers to the domain. We need a way the Techs can do
this
> instead to speed up the process.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

We have tried to do just that but as a group. We are getting an unknown
username or bad password error when someone that is a part of that group
tries to join the domain. Should we do each user individually?

"Michael Giorgio - MS MVP" wrote:

> A user right exists called "add workstations to domain".
>
> "Charlie E Roberts" <croberts@#Columbusga.org> wrote in message news:
> > We are trying to come up with a way that our PC Techs can add a
> computer
> > account to the domain, but not have any other Administrative rights to
> the
> > domain. Is there a way to do this with NT Server 4.0?
> >
> > We have had a breach of security here, since the administrator
> password was
> > known. Now that it has been changed the network admin is the only
> person to
> > be able to add computers to the domain. We need a way the Techs can do
> this
> > instead to speed up the process.
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Try adding domain\ to the user account e.g.,
mydomain\user.
"Charles E Roberts" <croberts@#Columbusga.org> wrote in message
news:8513084F-DAF0-4C11-87A2-B0ECE4961FE1@microsoft.com...
> We have tried to do just that but as a group. We are getting an
unknown
> username or bad password error when someone that is a part of that
group
> tries to join the domain. Should we do each user individually?
>
> "Michael Giorgio - MS MVP" wrote:
>
> > A user right exists called "add workstations to domain".
> >
> > "Charlie E Roberts" <croberts@#Columbusga.org> wrote in message
news:
> > > We are trying to come up with a way that our PC Techs can add a
> > computer
> > > account to the domain, but not have any other Administrative
rights to
> > the
> > > domain. Is there a way to do this with NT Server 4.0?
> > >
> > > We have had a breach of security here, since the administrator
> > password was
> > > known. Now that it has been changed the network admin is the only
> > person to
> > > be able to add computers to the domain. We need a way the Techs
can do
> > this
> > > instead to speed up the process.
> >
> >
> >