Solved

Adding machines to domains for non-Administrators

Posted on 2006-06-16
10
304 Views
Last Modified: 2010-04-11
Hi,

we are running Server 2003 with AD and are having difficulty trying to set up a policy so that non-Administrators can add machines to the domain.

We have set the following policy on the DC:

Default Domain Policy\Windows Settings\Security Settings\Local Policies/User Rights Assignments\Add work stations to domains.

We have a security group configured for users that require this and have added it to the policy. However, they are still unable to add machines to the domain.

Is there anywhere else taht this should be done?

Any advice greatly appreciated.

Thanks

Lewis Hardwick
0
Comment
Question by:LFMSupport
10 Comments
 
LVL 13

Expert Comment

by:marine7275
ID: 16920670
I have never heard of such a thing. I have an understanding that you have to be a domain admin to add machines to the domain.????
0
 
LVL 1

Author Comment

by:LFMSupport
ID: 16920841
Agree'd that was my impresion. But I have definately spotted it.

I've uploaded a screen-shot so you can see where I mean.

<a href="http://img514.imageshack.us/my.php?image=adpolicy7ku.jpg" target="_blank"><img src="http://img514.imageshack.us/img514/844/adpolicy7ku.th.jpg" border="0" alt="Free Image Hosting at www.ImageShack.us" /></a>
0
 
LVL 1

Author Comment

by:LFMSupport
ID: 16920858
OK, that didn't quite work...
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 1

Author Comment

by:LFMSupport
ID: 16920874
0
 
LVL 32

Expert Comment

by:jhance
ID: 16921395
You need NOT be an administrator to add workstations to the domain.  You need ONLY the "Add Workstation to Domain" user account privilege.  See:

http://www.netswitcher.com/V3/V3FAQ/netswitcher_v3_faq.htm#ADDOMAIN

for details on how to add this right to user accounts on the domain.
0
 
LVL 12

Expert Comment

by:NetAdmin2436
ID: 16923836
Interesting, didn't know you can do that...

Instead of messing with the default domain policy, how about create a new group policy in your domain. Make sure you add the non-admin security group on the security tab of the new group policy  and make sure the group is checked to 'apply group policy'. Then make sure that the new group policy is below the default domain policy in the link order, to ensure the new group policy isn't overridden.

Hope this helps
0
 
LVL 13

Expert Comment

by:prashsax
ID: 16923954
You can delegate the rights to a group.

Just right click on the domain name in Active Directory users and computers.

Select delegate Control.
Select the right of add workstation to domain, and select the group to which this permissions is to be delegated.

That it, after this all users in that group could add workstation to domain.
0
 
LVL 2

Expert Comment

by:Dave Robinson
ID: 16942156
You're applying this to the Default Domain Policy.

Try applying this to the Default Domain Controllers Policy in the Domain Controllers OU.
0
 
LVL 3

Accepted Solution

by:
iwontleaveyou earned 125 total points
ID: 16954648
Dont provide this pilocy on the domain.

Insted Open teh Default domain controller security policy under the Administrative tool on windows 2003 domain controller.

In that add teh security group to the policy User rights assingment--> Add workstation to domain---> Add Your security group Here.

and this will work.

Best Of Luck

Regards
Nitesh
0
 
LVL 1

Author Comment

by:LFMSupport
ID: 16991479
Thanks Nitesh. That nailed it!

Regards

Lewis
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question