"Add Workstations to domain" Domain security policy??
Posted on 2004-04-27
I recently found out that all the users on my domain can add workstations to the doamin. I am running a Windows 2000/2003 domain. All DC's are Windows 2000 server boxes. After checking the domain security policy, I found that "Add workstations to domail" was not defined. I did define the policy but adding only domain admins and enterprise admins but it appears that I can add and remove machines from my domain using just a regular user. I did reload after defining the policy. Am i missing something or what is the best way to limit only admins to be able to add machines to the domain. Thanks in advance for your help. jt