2000 upgrade - auto join domain

[Guest]

Archived from groups: microsoft.public.win2000.setup (More info?)

Today I ran into a case where an employee went out and
bought a 2000 upgrade to upgrade their own 98 system.

It appears that the 2000 upgrade automatically joined the
domain (became a member, created a SID). This is not
good in the corporate world..where an end user can just
go by a 2000 upgrade and install it have it automatically
create a machine account without the Network
administration knowing until after the fact.

Is there a way to stop this, before it happens again?

 

[Guest]

Archived from groups: microsoft.public.win2000.setup (More info?)

In article <01eb01c48ae4$4f70b6e0$a601280a@phx.gbl>, cshutts@lcounty.com
says...
> Today I ran into a case where an employee went out and
> bought a 2000 upgrade to upgrade their own 98 system.
>
> It appears that the 2000 upgrade automatically joined the
> domain (became a member, created a SID). This is not
> good in the corporate world..where an end user can just
> go by a 2000 upgrade and install it have it automatically
> create a machine account without the Network
> administration knowing until after the fact.
>
> Is there a way to stop this, before it happens again?

They can't join the domain without a user/password that has permission
to join the domain, at least not that I've seen. What server roles
(groups) is that user a part of, or what user/password did they enter
when asked?

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: microsoft.public.win2000.setup (More info?)

they are in one (limited access) group, and have no
access to a admin username and password.

That is why this is so troubling to me. It was a
maitenance man that just went to staples or bestbuy and
bought the upgrade and installed it.

>-----Original Message-----
>In article <01eb01c48ae4$4f70b6e0$a601280a@phx.gbl>,
cshutts@lcounty.com
>says...
>> Today I ran into a case where an employee went out and
>> bought a 2000 upgrade to upgrade their own 98 system.
>>
>> It appears that the 2000 upgrade automatically joined
the
>> domain (became a member, created a SID). This is not
>> good in the corporate world..where an end user can
just
>> go by a 2000 upgrade and install it have it
automatically
>> create a machine account without the Network
>> administration knowing until after the fact.
>>
>> Is there a way to stop this, before it happens again?
>
>They can't join the domain without a user/password that
has permission
>to join the domain, at least not that I've seen. What
server roles
>(groups) is that user a part of, or what user/password
did they enter
>when asked?
>
>--
>--
>spamfree999@rrohio.com
>(Remove 999 to reply to me)
>.
>

 

[Guest]

Archived from groups: microsoft.public.win2000.setup (More info?)

When you have a windows 2000 domain, the default policy is that any domain
user and add upto 10 computers to the domain. You can turn this capability
off by modifying the default domain policy. To do this, under
administative tools open the "Default Domain Policy" and the expand "Local
policies", select "User Rights Assignment", in the right window you will
see a list of rights. One of the rights is "Add Workstations to Domain",
double click and the remove all users and groups that you do not want to
have this capability.




****************************************************************************
*
David Thompson [MSFT]
Microsoft Server Setup Team

Search our Knowledge Base at http://support.microsoft.com/directory
Visit the Windows 2000 Homepage at
http://www.microsoft.com/windows2000/default.asp
See the Windows NT Homepage at http://www.microsoft.com/ntserver/

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose.
The views and opinions expressed in this newsgroup posting are mine and do
not necessarily express or reflect the views and / or opinions of
Microsoft.
****************************************************************************
**

 

[Guest]

Archived from groups: microsoft.public.win2000.setup (More info?)

David,

Thank you very much.

Chad
>-----Original Message-----
>When you have a windows 2000 domain, the default policy
is that any domain
>user and add upto 10 computers to the domain. You can
turn this capability
>off by modifying the default domain policy. To do this,
under
>administative tools open the "Default Domain Policy" and
the expand "Local
>policies", select "User Rights Assignment", in the right
window you will
>see a list of rights. One of the rights is "Add
Workstations to Domain",
>double click and the remove all users and groups that
you do not want to
>have this capability.
>
>
>
>
>*********************************************************
*******************
>*
>David Thompson [MSFT]
>Microsoft Server Setup Team
>
>Search our Knowledge Base at
http://support.microsoft.com/directory
>Visit the Windows 2000 Homepage at
>http://www.microsoft.com/windows2000/default.asp
>See the Windows NT Homepage at
http://www.microsoft.com/ntserver/
>
>NOTE: Please reply to the newsgroup and not directly to
me. This allows
>others to add to and benefit from these threads and also
helps to ensure a
>more timely response. Thank you!
>
>This posting is provided "AS IS" without warranty either
expressed or
>implied, including, but not limited to, the implied
warranties of
>merchantability or fitness for a particular purpose.
>The views and opinions expressed in this newsgroup
posting are mine and do
>not necessarily express or reflect the views and / or
opinions of
>Microsoft.
>*********************************************************
*******************
>**
>
>
>.
>