Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Domain User Add Computers To Domain?

Posted on 2007-03-27
8
Medium Priority
?
1,351 Views
Last Modified: 2009-08-17
Windows 2003 Domain Controller, all computers in domain are Windows XP.

We have two new people in our group that we would like to be able to add computers to our domain.  They are regular "Domain Users", and we would like to keep them as such.  They will be adding computers via Control Panel >> System on the computer that is to be added.  How may we accomplish this?

I saw some threads regarding this, but it quickly got confusing.  I see that there is a policy on the DC at Domain Security Settings >> Security Settings >> User Rights Assignment that says "Add workstations to domain".

Will setting this policy (it is currently "not defined"):

a) OVERRIDE the default settings (as in, will I need to add Domain/Enterprise Admins to this policy as well?  or just those ADDITIONAL users I want to be adding computers?)

b)  Accomplish what I stated above.

Thank you.
0
Comment
Question by:dpsit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 11

Accepted Solution

by:
AnthonyP9618 earned 1000 total points
ID: 18805167
Hello dpsit,

From a Newsgroup posting... http://groups.google.com/group/microsoft.public.windows.server.security/browse_thread/thread/efdfa32218673cd6/6a3a3329faf3c83e%236a3a3329faf3c83e

Create new group called e.g. "Add Workstation to Domain" and all the
accounts from your helpdesk to this group. Now edit "Default Domain
Controller" group policy under "Computer Configuration\Windows
Settings\Security Settings\Local Policies\User Rights Assignment\". Here
look for policy named "Add workstations to domain" and double click on it.

Now add the group that you created (e.g. named "Add Workstation to Domain")
to this policy.

Wait for the replication to finish between the DCs and your help desk
personnel is now able to add workstations to domain.

Here is some more information on the policy.

Add workstations to domain
http://technet2.microsoft.com/WindowsServer/en/library/7207aa3e-d95d-4176-a1ca-bc629f1ca6981033.mspx?mfr=true
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18805171
by default a domain user can do what you are asking, you do not need to configure that policy
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18805173
too quick for me....
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 11

Expert Comment

by:AnthonyP9618
ID: 18805178
:)

BTW... It's good to be back Jay!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18805185
Goood mate :)
0
 
LVL 5

Expert Comment

by:IvanVillamizar
ID: 18805408
10 times, only. If the users need to add more than 10 workstations, then you need eiither the policy or perrmissions to create computer objects in the OU where you want them to join computers.
If they are going to add less than 10 workstations to the domain, then as stated above, nothing needs to be done.
0
 
LVL 4

Expert Comment

by:jmhquest
ID: 18805742
You may want to use a combination of setting the "add workstations to domain" user right on the default domain controllers policy (Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment) and granting the "Create Computer Objects" permission on the AD Computers container.

This MSDN page may be helpful: http://msdn2.microsoft.com/en-us/library/ms813615.aspx

Cheers.
0
 
LVL 4

Expert Comment

by:jmhquest
ID: 18805757
Another Microsoft KB article you may find useful:

Enhanced security joining or resetting machine account in Windows 2000 domain

http://support.microsoft.com/kb/238793
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question