Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to restrict a domain account to only allow join workstations

Status
Not open for further replies.
fs483

fs483

Technical User
Jul 7, 2002
977
CA
Hello,

I'm trying to figure out how I can restrict a domain account that will be allowed to join workstations to a domain. We want to allow one of the more knowledgeable employees to be able to join workstations to a domain yet we don't want him to have full admin privileges. How can we do that ?

Thanks
akwong
 
Sort by date Sort by votes
Create an OU and delegate rights to that OU to the user. You can choose to add machines in the Custom Delegation settings.

delegate.jpg


I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
BTW - IIRC, user accounts already have the ability to add up to 10 workstations to the domain.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
Upvote 0 Downvote
How about restricting junior admins to certain functions like unlocking accounts, resetting passwords ?
 
Upvote 0 Downvote
Akwong, you need to run the delegation wizard and look at the options there.

An alternative is to use ASP pages that have admin rights. Use NTFS permissions to restrict who has access to the pages. I've done this for a number of customers. It allows me to give non-admins specific abilities through custom tools rather than assigning their IDs elevated rights.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
861
goombawaho
goombawaho
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
480
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
530
microsGuy16
microsGuy16
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
616
DrB0b
DrB0b
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
266
ADB100
ADB100

Part and Inventory Search

Sponsor

Back
Top