Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

group policy 2

Status
Not open for further replies.
Fabit

Fabit

Technical User
Nov 22, 2005
95
US
Is there a policy that I can let users add computers to a domain. and if there is? what is the name of it under active directory group policy?

most appreciate,
 
Sort by date Sort by votes
You would need to use the "Delegate Control" tool and give appropriate permissions. I believe you would do this in the default "Computers" container... not 100% sure... Hope this helps-
Brandon
 
Upvote 0 Downvote
I went to delegates added the users that I want to delegate control to and clicked next and I saw a whole bunch of options. I just want to give the users I picked the right to add computers to domains not change anything in active directory. what do you think I should pick?
 
Upvote 0 Downvote
Create a new security group, add the users you want to have the authority to add machines to the domain. then open the Default Domain Controllers policy. Expand Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ User Rights Assignment. Edit the policy "Add Workstations to the Domain". Add the the new security group here and you should be good. It probably already has the authenticated users group applied, this is a bit of a problem as outlined in the following post:


RoadKi11
 
Upvote 0 Downvote
Ok here is what I did. I added an organizational unit to my ad and I placed the two users in there. Then I edited the default group policy under that organizational unit and added to that policy called "add Workstations to the Domain" It is still not working. the user are still not able to computers to the domain.
 
Upvote 0 Downvote
Im sure you can only do this at the "Default Domain Controllers Policy", probably wont work from a sub OU.

RoadKi11
 
Upvote 0 Downvote
I did not now about the security problem by microsoft thank you, but I know they tried joining computers in the defualt domain policy and it worked for a couple of days and it stoped working for them. Now, I need them to do it and I added the policy, but it is still not working.
 
Upvote 0 Downvote
Fabit, are you sure you are enforcing that policy? I wouldn't play with the default policies too much though. Could create problems as explained here:

faq329-6116

Just make sure the policy is enforced, if necessary, you may need to "gpupdate /force" on domain members (computers) for the settings to take place immediately (reboot may be required).
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rrmcguire
  • Locked
  • Question
group policy to set dns
Replies
2
Views
352
rrmcguire
rrmcguire
phil3000
  • Locked
  • Question
Screensaver Via Group Policy
Replies
1
Views
239
markdmac
markdmac
cabraun
  • Locked
  • Question
Group Policy Question (Set System Variable)
Replies
2
Views
188
markdmac
markdmac
usrinu
  • Locked
  • Question
applied wallpaper group policy
Replies
1
Views
171
SamBones
SamBones
RdFromK
  • Locked
  • Question
GroupPolicy error 1065 with Windows SBS CSE Policy
Replies
2
Views
369
RdFromK
RdFromK

Part and Inventory Search

Sponsor

Back
Top