• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 327
  • Last Modified:

Block access to active directory computers container

Hello,
I'd like to come up wiht a way to prevent technicians from joining computers to the domain and having the computer go into the default Computers container. We have a group that has been delegated access, and I tried to remove the delegated permissoins and just put them on the top level OU that contains our computer accounts. So, there are no more permissions applies to the default COMPUTERS container, but they can still add computers whihc end up there. I even tried to add explicit deny permissions, but that did not help.

Please post any possible solutions, or let me know if you need more details.

Thanks!
0
tmazowski
Asked:
tmazowski
  • 2
1 Solution
 
Mike KlineCommented:
Have you looked at redircmp  

http://technet.microsoft.com/en-us/library/cc770619(v=ws.10).aspx

You can have them put into an OU you choose instead of the default computers container.

Thanks

Mike
0
 
McKnifeCommented:
Hi.

Are you aware that any domain user can join up to 10 workstations to the domain by default? Have you read http://networkadminkb.com/KB/a75/how-to-allow-specific-users-to-add-workstations-to-domain.aspx ?
0
 
tmazowskiAuthor Commented:
McKNife,

Yes, I was aware, but these techs have long surpassed the 10 workstations. I think we even disabled the ability for domain users when the AD was put in place several years ago.

TM
0
 
McKnifeCommented:
Please read the entire article. They tell you how to modify ACLs on that container to solve your problem - that is not the same as modifying delegations.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now