Configure admin account to have permissions to join machines to domain, but nothing else. Possible?
Posted on 2006-05-23
We have sysprep'd a VM image that automatically (via sysprep.inf) joins the new VM's to the domain using a cloned domain admin account
at the the moment it has full admin privileges.
Is it possible to configure this user account to ONLY be able to join machines to the domain, and NOTHING else?
(worth doing as the hash of the pass is in the sysprep.ini file, & NTLM rainbow tables are getting quite complete these days.)