Solved

Problem with Joining Domain

Posted on 2008-10-16
7
225 Views
Last Modified: 2013-12-04
We have a network where a user without Administrative privleges is able to join computers that he reformats on the domian. We don't know how he is doing it and need to prevent him from doing this and also need to know how he is doing this before we contact the managment. Besideds Administrator's privilages what other methods are there? Also is there anything on windows Event Logs that we can be looking for? We also noticed that his newly rebuilded computer has port 2002 open on it.
0
Comment
Question by:mavrukin
  • 3
  • 2
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
mirzas earned 500 total points
ID: 22732283
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22732305
In ADUC check his account properties and hit the member of tab, what security groups is he a member of?  You can start there...Account Operator privledges and Allow join computers to domain are other options that would allow that user to join computers to the domain...
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22732324
But that is limited to only ten, it sounds like he has passed that limit?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Expert Comment

by:mirzas
ID: 22732356
Then just set it to zero.
0
 
LVL 6

Expert Comment

by:mirzas
ID: 22732365
The limit is 10 different hostnames not ten times the same hostname.
0
 
LVL 1

Author Comment

by:mavrukin
ID: 22748971
HI, thank you for the responses. No he has not passed this limit. We need to lock his account to the way it was before. In ADUC he is not a member of anything. However ms-ds-machineaccountquota has been altered. How do we change it back to Not Set? Right now he has a long binary code. Even if you switch it to decimal it still shows about 30 groups of 3 digit numbers.
0
 
LVL 1

Author Comment

by:mavrukin
ID: 22750062
Sorry, I meant ms-DS-CreatorSID has been altered.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question