2000 upgrade - auto join domain

Archived from groups: microsoft.public.win2000.setup (More info?)

Today I ran into a case where an employee went out and
bought a 2000 upgrade to upgrade their own 98 system.

It appears that the 2000 upgrade automatically joined the
domain (became a member, created a SID). This is not
good in the corporate world..where an end user can just
go by a 2000 upgrade and install it have it automatically
create a machine account without the Network
administration knowing until after the fact.

Is there a way to stop this, before it happens again?
4 answers Last reply
More about 2000 upgrade auto join domain
  1. Archived from groups: microsoft.public.win2000.setup (More info?)

    In article <01eb01c48ae4$4f70b6e0$a601280a@phx.gbl>, cshutts@lcounty.com
    says...
    > Today I ran into a case where an employee went out and
    > bought a 2000 upgrade to upgrade their own 98 system.
    >
    > It appears that the 2000 upgrade automatically joined the
    > domain (became a member, created a SID). This is not
    > good in the corporate world..where an end user can just
    > go by a 2000 upgrade and install it have it automatically
    > create a machine account without the Network
    > administration knowing until after the fact.
    >
    > Is there a way to stop this, before it happens again?

    They can't join the domain without a user/password that has permission
    to join the domain, at least not that I've seen. What server roles
    (groups) is that user a part of, or what user/password did they enter
    when asked?

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  2. Archived from groups: microsoft.public.win2000.setup (More info?)

    they are in one (limited access) group, and have no
    access to a admin username and password.

    That is why this is so troubling to me. It was a
    maitenance man that just went to staples or bestbuy and
    bought the upgrade and installed it.

    >-----Original Message-----
    >In article <01eb01c48ae4$4f70b6e0$a601280a@phx.gbl>,
    cshutts@lcounty.com
    >says...
    >> Today I ran into a case where an employee went out and
    >> bought a 2000 upgrade to upgrade their own 98 system.
    >>
    >> It appears that the 2000 upgrade automatically joined
    the
    >> domain (became a member, created a SID). This is not
    >> good in the corporate world..where an end user can
    just
    >> go by a 2000 upgrade and install it have it
    automatically
    >> create a machine account without the Network
    >> administration knowing until after the fact.
    >>
    >> Is there a way to stop this, before it happens again?
    >
    >They can't join the domain without a user/password that
    has permission
    >to join the domain, at least not that I've seen. What
    server roles
    >(groups) is that user a part of, or what user/password
    did they enter
    >when asked?
    >
    >--
    >--
    >spamfree999@rrohio.com
    >(Remove 999 to reply to me)
    >.
    >
  3. Archived from groups: microsoft.public.win2000.setup (More info?)

    When you have a windows 2000 domain, the default policy is that any domain
    user and add upto 10 computers to the domain. You can turn this capability
    off by modifying the default domain policy. To do this, under
    administative tools open the "Default Domain Policy" and the expand "Local
    policies", select "User Rights Assignment", in the right window you will
    see a list of rights. One of the rights is "Add Workstations to Domain",
    double click and the remove all users and groups that you do not want to
    have this capability.


    ****************************************************************************
    *
    David Thompson [MSFT]
    Microsoft Server Setup Team

    Search our Knowledge Base at http://support.microsoft.com/directory
    Visit the Windows 2000 Homepage at
    http://www.microsoft.com/windows2000/default.asp
    See the Windows NT Homepage at http://www.microsoft.com/ntserver/

    NOTE: Please reply to the newsgroup and not directly to me. This allows
    others to add to and benefit from these threads and also helps to ensure a
    more timely response. Thank you!

    This posting is provided "AS IS" without warranty either expressed or
    implied, including, but not limited to, the implied warranties of
    merchantability or fitness for a particular purpose.
    The views and opinions expressed in this newsgroup posting are mine and do
    not necessarily express or reflect the views and / or opinions of
    Microsoft.
    ****************************************************************************
    **
  4. Archived from groups: microsoft.public.win2000.setup (More info?)

    David,

    Thank you very much.

    Chad
    >-----Original Message-----
    >When you have a windows 2000 domain, the default policy
    is that any domain
    >user and add upto 10 computers to the domain. You can
    turn this capability
    >off by modifying the default domain policy. To do this,
    under
    >administative tools open the "Default Domain Policy" and
    the expand "Local
    >policies", select "User Rights Assignment", in the right
    window you will
    >see a list of rights. One of the rights is "Add
    Workstations to Domain",
    >double click and the remove all users and groups that
    you do not want to
    >have this capability.
    >
    >
    >
    >
    >*********************************************************
    *******************
    >*
    >David Thompson [MSFT]
    >Microsoft Server Setup Team
    >
    >Search our Knowledge Base at
    http://support.microsoft.com/directory
    >Visit the Windows 2000 Homepage at
    >http://www.microsoft.com/windows2000/default.asp
    >See the Windows NT Homepage at
    http://www.microsoft.com/ntserver/
    >
    >NOTE: Please reply to the newsgroup and not directly to
    me. This allows
    >others to add to and benefit from these threads and also
    helps to ensure a
    >more timely response. Thank you!
    >
    >This posting is provided "AS IS" without warranty either
    expressed or
    >implied, including, but not limited to, the implied
    warranties of
    >merchantability or fitness for a particular purpose.
    >The views and opinions expressed in this newsgroup
    posting are mine and do
    >not necessarily express or reflect the views and / or
    opinions of
    >Microsoft.
    >*********************************************************
    *******************
    >**
    >
    >
    >.
    >
Ask a new question

Read More

Domain Cases Microsoft Windows