Is there a way to prohibit users from adding their WS to a workgroup?

[docsneid]

Most of our users are mobile users using cached credintials while they
are not connected to the network. (No local User Account) They are not
able to re-join the machine remotely to the AD if they accidently
removed it and joined the machine to a workgroup.
Is there a policy which can be set to prohibit to join a Workgroup
once a machine is setup in AD? I know about the policy "Add
workstation to domain" but couln't find something similar for a
workgroup. Or is this setting also able to handle this?

 

[Lanwench [MVP - Exchange]]

Don't give them local admin rights on their laptops, and then they can't do
anything at all like this.

 

[docsneid]

I know, but this wasn't the question. The problem is that there are
several reasons for giving them Admin rights. There is no other way.

 

[Torgeir Bakken (MVP)]

I know, but this wasn't the question. The problem is that there are
several reasons for giving them Admin rights. There is no other way.

Then your only option is to tell them not to do it.

 

[techguru100]

What about disabling the entire System control panel?

-----Original Message-----
no other way.

Then your only option is to tell them not to do it.

of the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter

 

[Lanwench [MVP - Exchange]]

They can still do it. What's the reason they need local admin rights? And
have you given every laptop user a stern talking-to about what they are and
are not permitted to do on their laptops? If they need admin rights,
absolutely, this is not a technical issue, it's a company policy one.