JSI Tip 2685. Enhanced security when joining a domain in Windows 2000.

In Windows NT 4.0, anyone can add a computer to a domain, after the Administrator creates the machine account.

In Windows 2000, you must enter the user name and password of an account that has the right to add the computer to the domain.

You might wish to create an Installers global group whose members can add a computer to the domain:

01. In Active Directory Users and Computers, right click the Users folder and press New and Group.

02. Type Installers in the Group name box.

03. Use the default settings:

    Group scope is Global.
    Group type is Security.

04. Press OK.

NOTE: You may now add user accounts to the Installers group.

05. Select the Computers folder and press New and Computer.

06. Enter the computer name in the Computer name box.

07. Press the Change button.

08. Double-click the Installers group and press OK.

09. Press Next, Next, and Finish.

NOTE: When prompted for the user name and password of an account that has the rights to join a computer to the domain, use a member of the the Installers global group.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish