[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 224
  • Last Modified:

Allow only desktop administrators to "add workstations to a domain" but prevent them from adding servers to the 2003 domain??

Allow only desktop administrators to "add workstations to a domain" but how can prevent them from adding Windows 2000/2003 servers to the 2003 domain??
0
cmkmfg
Asked:
cmkmfg
1 Solution
 
SembeeCommented:
I don't think you can. The domain will not know what sort of system the machine is until after it has joined.

Simon.
0
 
JamesDSCommented:
cmkmfg
The permissions you are seeking are not possible.

The permissions needed to join a workstation to the domain is essentially, create machine account, reset machine account password and reset DNS name on machine account.

A machine account is the same for Workstation and Server and is not identified as a server until it logs in for the first time (ie first reboot after a successful join).

If you store servers and workstations in different OUs you could limit addition of new computer accounts to the Servers OU, but that wouldn't stop servers being put into the wrong OU.

Cheers

JamesDS
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now