Resources For IT Professionals
Post an article
Wikis - Page Details
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  How to Prevent Authenticated Users from Joining Workstations to a Domain

How to Prevent Authenticated Users from Joining Workstations to a Domain

How to Prevent Authenticated Users from Joining Workstations to a Domain

 

I asked myself what is benefit from this option "by default, Windows Server allows authenticated users to join 10 machine accounts to the domain". But I didn't get an answer.

Table of Contents

Administrator can control it with two ways

1-By Adsiedit

  • Start – Administrative Tools – ADSI Edit
  • Right click Domain Name - Properties
  • Attribute Editor Tab - ms-DS-MachineAccountQuota – Click Edit – set to 0 –press ok

Pic01

Pic02

Pic03

Pic04

Note:

That users in the Administrators or Domain Administrators groups, and those users who have delegated permissions on containers in Active Directory to create and delete computer accounts, are not restricted by this limitation.

2-By Group Policy

  • Click Start – All programs – Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand Computer Configuration – Policies – Windows Settings – Security Settings – User Rights Assignment
  • From right pane right click on Add workgroup to domain – Properties – Add User or Group or remove unwanted user or group

Pic05

Pic06

This article was originally posted at http://mabdelhamid.wordpress.com/2011/11/09/how-to-prevent-authenticated-users-from-joining-workstations-to-a-domain/

, , , , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 1 and 2 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 24 Aug 2012 12:14 PM

    M.Abdelhamid edited Revision 10. Comment: edit

  • 23 Dec 2011 2:19 PM

    M.Abdelhamid edited Revision 8. Comment: Non English Language

  • 13 Dec 2011 11:36 PM

    M.Abdelhamid edited Revision 7. Comment: add tags

  • 30 Nov 2011 10:44 PM

    M.Abdelhamid edited Revision 5. Comment: Tags

  • 30 Nov 2011 10:41 PM

    M.Abdelhamid edited Revision 4. Comment: Tags, Format

  • 9 Nov 2011 10:45 PM

    Ed Price - MSFT edited Revision 1. Comment: TOC

Page 1 of 1 (6 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
Page 1 of 1 (11 items)