Block access to active directory computers container

Hello,
I'd like to come up wiht a way to prevent technicians from joining computers to the domain and having the computer go into the default Computers container. We have a group that has been delegated access, and I tried to remove the delegated permissoins and just put them on the top level OU that contains our computer accounts. So, there are no more permissions applies to the default COMPUTERS container, but they can still add computers whihc end up there. I even tried to add explicit deny permissions, but that did not help.

Please post any possible solutions, or let me know if you need more details.

Thanks!
LVL 4
tmazowskiAsked:
Who is Participating?
 
McKnifeConnect With a Mentor Commented:
Hi.

Are you aware that any domain user can join up to 10 workstations to the domain by default? Have you read http://networkadminkb.com/KB/a75/how-to-allow-specific-users-to-add-workstations-to-domain.aspx ?
0
 
Mike KlineCommented:
Have you looked at redircmp  

http://technet.microsoft.com/en-us/library/cc770619(v=ws.10).aspx

You can have them put into an OU you choose instead of the default computers container.

Thanks

Mike
0
 
tmazowskiAuthor Commented:
McKNife,

Yes, I was aware, but these techs have long surpassed the 10 workstations. I think we even disabled the ability for domain users when the AD was put in place several years ago.

TM
0
 
McKnifeCommented:
Please read the entire article. They tell you how to modify ACLs on that container to solve your problem - that is not the same as modifying delegations.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.