Sign in with
Sign up | Sign in
Your question

"add workstations to domain" group policy restriction

Tags:
  • Policy
  • Domain
  • Computers
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
December 17, 2004 5:50:02 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,
I want to prevent people to add computer or remove computer from
network. I saw domain and domain controler group policies, "user
rights" -> "add worksttations to domain" so I removed everything and
added only my user ID with Admin privilege into the list. However, I
still can add computer to domain by using regular domain user. Is there
anything I need to do besides domain and domain controller policies.
I curious which group policy has higher precedence. Any help or
information will be appreciated to restrict add and remove workstations
to domain.

Thank you in advance,

Regards,

Johnny Chow

More about : add workstations domain group policy restriction

Anonymous
December 18, 2004 4:15:31 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi Johnny.

Try do that in Domain Controllers Security Policy and then running " secedit
/refreshpolicy machine_policy /enforce" on the domain controller when done.
Also be sure that the user is not a member of any domain administrator
groups. --- Steve


"Johnny Chow" <jchow10@yahoo.com> wrote in message
news:uT1e$qI5EHA.2804@TK2MSFTNGP15.phx.gbl...
> Hi,
> I want to prevent people to add computer or remove computer from network.
> I saw domain and domain controler group policies, "user rights" -> "add
> worksttations to domain" so I removed everything and added only my user
> ID with Admin privilege into the list. However, I still can add computer
> to domain by using regular domain user. Is there anything I need to do
> besides domain and domain controller policies. I curious which group
> policy has higher precedence. Any help or information will be appreciated
> to restrict add and remove workstations to domain.
>
> Thank you in advance,
>
> Regards,
>
> Johnny Chow
Anonymous
January 12, 2005 11:31:51 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi Steven,

I tried it out and unforturnately it did not work. Somehow I do not
understand what you mean "the user is not a member of any domain
administrator." Do you imply I should use any regular user account to
logon to the doman controller and running "secedit /refreshpolicy
machine_policy /enforce".

Thank you,

Johnny Chow

Steven L Umbach wrote:
> Hi Johnny.
>
> Try do that in Domain Controllers Security Policy and then running " secedit
> /refreshpolicy machine_policy /enforce" on the domain controller when done.
> Also be sure that the user is not a member of any domain administrator
> groups. --- Steve
>
>
> "Johnny Chow" <jchow10@yahoo.com> wrote in message
> news:uT1e$qI5EHA.2804@TK2MSFTNGP15.phx.gbl...
>
>>Hi,
>>I want to prevent people to add computer or remove computer from network.
>>I saw domain and domain controler group policies, "user rights" -> "add
>>worksttations to domain" so I removed everything and added only my user
>>ID with Admin privilege into the list. However, I still can add computer
>>to domain by using regular domain user. Is there anything I need to do
>>besides domain and domain controller policies. I curious which group
>>policy has higher precedence. Any help or information will be appreciated
>>to restrict add and remove workstations to domain.
>>
>>Thank you in advance,
>>
>>Regards,
>>
>>Johnny Chow
>
>
>
!