"add workstations to domain" group policy restriction

J

Johnny Chow

Hi,
I want to prevent people to add computer or remove computer from
network. I saw domain and domain controler group policies, "user
rights" -> "add worksttations to domain" so I removed everything and
added only my user ID with Admin privilege into the list. However, I
still can add computer to domain by using regular domain user. Is there
anything I need to do besides domain and domain controller policies.
I curious which group policy has higher precedence. Any help or
information will be appreciated to restrict add and remove workstations
to domain.

Thank you in advance,

Regards,

Johnny Chow
 
S

Steven L Umbach

Hi Johnny.

Try do that in Domain Controllers Security Policy and then running " secedit
/refreshpolicy machine_policy /enforce" on the domain controller when done.
Also be sure that the user is not a member of any domain administrator
groups. --- Steve
 
J

Johnny Chow

Hi Steven,

I tried it out and unforturnately it did not work. Somehow I do not
understand what you mean "the user is not a member of any domain
administrator." Do you imply I should use any regular user account to
logon to the doman controller and running "secedit /refreshpolicy
machine_policy /enforce".

Thank you,

Johnny Chow
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

password local policy in domain 2
Default Domain Policy 2003 7
Adding group/user to local Admins group on all workstations? 4
subdomain group policy 3
Edit Registry Through Group Policy 0
Group policy application off a domain 0
Group Policy and Local Policy 2
difference policies 3

Top