DENY ADD COMPUTERS TO DOMAIN
Posted on 2007-11-29
I want to only allow just two domain adminstrator accounts to be able to add computers to the domain, be it from the workstation itself or from an answer file during desktop deployment (RIS, WDS etc). I have removed 'authenticated users' from my 'default domain controller policy' 'Add workstations to domain' and left just Domain Admins but any user can still add computers to domain and authenticate WDS installs.
Is there another policy I should set somewhere?