Security for adding workstations

TheMSsForum.com: The Microsoft Software Forum

We presently have Active Directory in a single domain model. We are assigning security to our remote sites at the OU level. Meaning each site has their own OU and they have Full Control over their OU. We are having problems with our LAN admins ability to add workstations to the domain. As you know, by default, the workstations get put into the "computers" directory when adding them to the domain. We do not want to give LAN admins that access and would like them to be able to add the workstation directly to their OU. Any ideas??
Top

Security for adding workstations by ADHD

ADHD
Thu May 06 16:44:16 CDT 2004

Any ideas?

The mose obvious idea is to give each remote site their
own domain.

Any reason not to?
Top

Re: Security for adding workstations by Brendon

Brendon
Thu May 06 21:31:57 CDT 2004

Windows 2003 allows you to do this.

Otherwise if you RIS computers you can control which OU the account gets
created in.

"Ad security goob" <anonymous@discussions.microsoft.com> wrote in message
news:E0AF27D3-158B-473F-92A2-1B0FE596389F@microsoft.com...
> We presently have Active Directory in a single domain model. We are
assigning security to our remote sites at the OU level. Meaning each site
has their own OU and they have Full Control over their OU. We are having
problems with our LAN admins ability to add workstations to the domain. As
you know, by default, the workstations get put into the "computers"
directory when adding them to the domain. We do not want to give LAN admins
that access and would like them to be able to add the workstation directly
to their OU. Any ideas??


Top

Re: Security for adding workstations by Spyke

Spyke
Fri May 07 09:05:52 CDT 2004

"=?Utf-8?B?QWQgc2VjdXJpdHkgZ29vYg==?="
<anonymous@discussions.microsoft.com> wrote in
news:E0AF27D3-158B-473F-92A2-1B0FE596389F@microsoft.com:

> We presently have Active Directory in a single domain model. We are
> assigning security to our remote sites at the OU level. Meaning each
> site has their own OU and they have Full Control over their OU. We are
> having problems with our LAN admins ability to add workstations to the
> domain. As you know, by default, the workstations get put into the
> "computers" directory when adding them to the domain. We do not want
> to give LAN admins that access and would like them to be able to add
> the workstation directly to their OU. Any ideas??
>

Train the remote admins to create the computer accounts in the correct OU
before joining the computer to the domain. Then you don't need to worry
about giving them access to the Computers container.

--

Cheers,
Spyke
Top