It sounds like you maybe need to modify the Domain Controller Security Policy and
remove Authenticated Users (and the security group you created if you've placed them
in here) from Add Workstations under Security Settings/Local Policies/User Rights
Assignment ... This will prevent users, and
The web script authenticates against AD and checks for group membership in
the Join Computer to the Domain group. If they are members of the group
they are allowed to create the computer account. Their userid is used for
the creation of the computer account.
This group (Join Computer to the
Roger,
I do not want them to join the domain by using My network Places. If they
pre-create the computer account in the appropriate OU using the web page
they are able to join the domain. This forces them to name their computers
according to the naming standards and create the computer account
Hello,
Maybe the collective minds here can come up with something.
I have given a group (Join Computers to the Domain group) the rights to join
computers to the domain through the Default Domain policy. Only this group
has rights to join computers to the domain.
I have created a web page
You may want to look into changing the default msDS-MachineAccountQuota.
This setting allows any user to create 10 computer accounts by default.
You can change this via a script, LDP or ADSI edit. If you change the
default value to 0 then your delegation model will probably work but the
default
Wouldn't this prevent all users from creating computer accounts? I do not
want to prevent them from creating them, just prevent them from creating
them in the computers container.
Greg Felzer
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sullivan,