<div>
Hi Wibble_,<br />
<br />
you can try using the delegation of control wizard in AD under the OU where the user account resides
</div>


Hi Wibble_,

you can try using the delegation of control wizard in AD under the OU where the user account resides

<div>
<div class="content wysiwyg-content">
We have sysprep'd &nbsp;a VM image that automatically (via sysprep.inf) joins the new VM's to the domain using a cloned domain admin account <br />
<br />
at the the moment it has full admin privileges. <br />
<br />
Is it possible to configure this user account to ONLY be able to join machines to the domain, and NOTHING else?<br />
<br />
(worth doing as the hash of the pass is in the sysprep.ini file, &amp;&nbsp;NTLM rainbow tables are getting quite complete these days.)<br />
<br />
W.
</div>
</div>


We have sysprep'd  a VM image that automatically (via sysprep.inf) joins the new VM's to the domain using a cloned domain admin account 

at the the moment it has full admin privileges. 

Is it possible to configure this user account to ONLY be able to join machines to the domain, and NOTHING else?

(worth doing as the hash of the pass is in the sysprep.ini file, & NTLM rainbow tables are getting quite complete these days.)

W.

Configure admin account to have permissions to join machines to domain, but nothing else. Possible?

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).