We have a desktop upgrade migration happening soon. We're using Ghost images and sysprep, and XP pro as our OS. We'll be using temporary staff to perform the actual migrations. As we're paranoid, we want the engineers to have as little access as possible.
They'll be using a domain user level account, Engineer. In the security policy, we've given the engineer account the right to add machines to the domain (Defaoult Domain Security Settings, Local Policies, User Rights Assignment) . What we've found is that if the PC, say PCxxx, is being added to the domain for the first time, all goes well, and the Engineer account can do it fine. However, when they try to re-add a PC, say if they make a hash of PCxxx in the post-Ghosting process, and need to re-image, they don't have rights to re-add the machine, and get a message saying they don't have sufficient rights. Can anyone help with this?
Many thanks
They'll be using a domain user level account, Engineer. In the security policy, we've given the engineer account the right to add machines to the domain (Defaoult Domain Security Settings, Local Policies, User Rights Assignment) . What we've found is that if the PC, say PCxxx, is being added to the domain for the first time, all goes well, and the Engineer account can do it fine. However, when they try to re-add a PC, say if they make a hash of PCxxx in the post-Ghosting process, and need to re-image, they don't have rights to re-add the machine, and get a message saying they don't have sufficient rights. Can anyone help with this?
Many thanks