?
Solved

Problem with Joining Domain

Posted on 2008-10-16
7
Medium Priority
?
235 Views
Last Modified: 2013-12-04
We have a network where a user without Administrative privleges is able to join computers that he reformats on the domian. We don't know how he is doing it and need to prevent him from doing this and also need to know how he is doing this before we contact the managment. Besideds Administrator's privilages what other methods are there? Also is there anything on windows Event Logs that we can be looking for? We also noticed that his newly rebuilded computer has port 2002 open on it.
0
Comment
Question by:mavrukin
  • 3
  • 2
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
mirzas earned 2000 total points
ID: 22732283
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22732305
In ADUC check his account properties and hit the member of tab, what security groups is he a member of?  You can start there...Account Operator privledges and Allow join computers to domain are other options that would allow that user to join computers to the domain...
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22732324
But that is limited to only ten, it sounds like he has passed that limit?
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
LVL 6

Expert Comment

by:mirzas
ID: 22732356
Then just set it to zero.
0
 
LVL 6

Expert Comment

by:mirzas
ID: 22732365
The limit is 10 different hostnames not ten times the same hostname.
0
 
LVL 1

Author Comment

by:mavrukin
ID: 22748971
HI, thank you for the responses. No he has not passed this limit. We need to lock his account to the way it was before. In ADUC he is not a member of anything. However ms-ds-machineaccountquota has been altered. How do we change it back to Not Set? Right now he has a long binary code. Even if you switch it to decimal it still shows about 30 groups of 3 digit numbers.
0
 
LVL 1

Author Comment

by:mavrukin
ID: 22750062
Sorry, I meant ms-DS-CreatorSID has been altered.
0

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.
Watch the working video to know how to import Outlook PST/OST files to Amazon WorkMail. Kernel released this tool which is very easy to use and migrate single or multiple PST and OST files to Amazon WorkMail. To know more about Kernel Import PST to …

568 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question