It all relates to two very specific reasons in our company - secure control of company assests (the network and AD) and liability. We provide specifically built computers to perform functions for our workers and we also have a staff of people who are paid to maintain them.
I don't want anyone bringing just anything in and plugging just any computer in (this also prevents, to a great degree, the rogue servers) without our knowledge. Also, the security of our environment I take very seriously - and I can't control what's on the network and in AD if I let just anyone with a logon to add computers to it. Finally, I can't, nor does the company want to, be respoinsible for our worker's personal systems. They can use them at home - I don't want the liability of them at work. Period. That's the long and short of it..... :-) Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Friday, July 25, 2003 7:32 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Why not allow users to add computers to AD? Like I thought, most people seem to not allow normal users add computers to AD. I'm curious why. For any specific concerns or just general precaution in wanting a more controlled Directory? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
