In Windows Server 2008 Domain users can join 10 workstation or server to a Domain. This means that any user who logs on to the domain as a User and is authenticated can add workstations or server to the domain without needing administration privileges. So user has the permission to join 10 workstation to a domain by default. To change this permission please follow below screen shots.
Go to Start > Administrative Tools > ADSI Edit
Right Click and click on connect to....
Just click on OK.
Right Click on and go to properties
Select ms-DS-MachineAccountsQuota 10.
Click on Edit.
Convert it to 0
Click on Apply & OK.
Now other Domain user will not be able to add workstation to a domain.
No comments:
Post a Comment