Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Adding a workstation to domain

Status
Not open for further replies.
tryingtobetechy

tryingtobetechy

Technical User
Sep 3, 2001
24
GB
At present we are a NT house with 600 users.

We have a large IT department and some members are adding workstation to our domain without informing the relevant bodies.

We would like to restrict the amount of people who can add a workstation to our domain.

How do you recommend I complete this task?

Regards,

Darren
 
Sort by date Sort by votes
It requires either general Administrator account access or specific "add workstation to the domain" rights to add an NT workstation to an NT4 domain. Thus, my suggestions would be make sure your users aren't running with admin rights, and that the administrator account has a worthwhile password. Both of these will prevent a lot of grief in other areas, as well.
-Steve
 
Upvote 0 Downvote
By the way, sometimes Exchange, SQL, or other server-based services are (mis)configured to run under the Administrator account, which makes changing the password a non-simple evolution. You might want to go through and check the accounts used for various services before you go changing the password willy-nilly, or at least change the password and immediately test all services through re-starting them.
-Steve
 
Upvote 0 Downvote
Just how many of your 600 accounts have Administrator access?

Users outwith the IT dept should only be granted, at most, super user rights with all the admin type stuff turned off. I would also suggest you audit your user accounts to remove any legacy user ID's, disable Guest, rename Administrator to something hard to guess and add an empty account called Administrator with no rights (this really pisses off nosey parkers).

The administator password should be known to only 2 SENIOR people with a sealed copy kept in a safe.

I would also check your logs to see which account added the new users. If this is not activated you really need to review your audit settings.

One last thing, do you have a security policy in place?

B-)

Brian
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
673
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
590
Johnkite
Johnkite
Sparrow4
  • Locked
  • Question
AnyConnect + Azure + SAML
Replies
0
Views
496
Sparrow4
Sparrow4
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
514
nnaarrnn
nnaarrnn
quar
  • Locked
  • Question
Moving a rule
Replies
2
Views
262
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top