Posted on 2007-11-22
In my company I want to give the support people privilege to take computers into domain(2003 server). For that I have seen some previous answers also in this experts-exchange. I created a test user (join) and created a domain level policy ÃƒÂ¢Ã‚Â€Ã‚Âœ Allow this user to join computers into domainÃƒÂ¢Ã‚Â€Ã‚Â and specified this user ÃƒÂ¢Ã‚Â€Ã‚ÂœjoinÃƒÂ¢Ã‚Â€Ã‚Â, but when I tried to take the computer into domain it is giving error ÃƒÂ¢Ã‚Â€Ã‚ÂœAccess DeniedÃƒÂ¢Ã‚Â€Ã‚Â to me, then I tried to give it through Delegate control to the same users "join" but still it is giving the same ÃƒÂ¢Ã‚Â€Ã‚ÂœAccess DeniedÃƒÂ¢Ã‚Â€Ã‚Â can any one help me because i tryed everything to solve this but was not able to solve it,
Other policy is I created a restricted group policy, so that when ever a support user login to the computer he should become administrator automatically, but the problem is after implementing this policy people who were there in the local system administrator group were removed from it and only the persons who are specified in the restricted group were added, is it possible that all the persons who were there in the local admin group should not be removed but the users whom I gave the privilege should be added .
Quick reply will be appreciated.