Wibble_
asked on
Configure admin account to have permissions to join machines to domain, but nothing else. Possible?
We have sysprep'd a VM image that automatically (via sysprep.inf) joins the new VM's to the domain using a cloned domain admin account
at the the moment it has full admin privileges.
Is it possible to configure this user account to ONLY be able to join machines to the domain, and NOTHING else?
(worth doing as the hash of the pass is in the sysprep.ini file, & NTLM rainbow tables are getting quite complete these days.)
W.
at the the moment it has full admin privileges.
Is it possible to configure this user account to ONLY be able to join machines to the domain, and NOTHING else?
(worth doing as the hash of the pass is in the sysprep.ini file, & NTLM rainbow tables are getting quite complete these days.)
W.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you can try using the delegation of control wizard in AD under the OU where the user account resides