Friday, August 26, 2011

Restrict users from joining computers to the domain


As everybody knows, Domain Admins are the only group who can join client computers to the domain. Unfortunately, I found out that many domain admins don't know that this is not totally right.

Network security is the most important topic nowadays.

The truth is: by default, their domains contain a policy that allows an ordinary domain user to join up to 10 machines to the domain without administrator privileges, and this default is enabled. This is a real nightmare for domain admins, because at some point they will discover laptops and portable devices inside their domain environment, accessing network resources, printing and behaving like any normally joined PC, and who knows what is inside those laptops (viruses, malware, spyware). To get rid of this headache, follow the steps below.
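The 10-machine default described above is stored on the domain object as the ms-DS-MachineAccountQuota attribute, and every computer object created under that quota (rather than by an account holding the create right) is stamped with the creator's SID in mS-DS-CreatorSID. The following PowerShell is an added example, not part of the original post: it reads the current quota and lists the computers that were joined under it, so you can see how many "unknown" machines already exist before you lock things down. It assumes the RSAT ActiveDirectory module on a domain-joined host with read access to the directory; the function names are my own.

```powershell
# Added audit example (not from the original post). Assumes the RSAT
# ActiveDirectory module and read access to the domain naming context.
Import-Module ActiveDirectory

function Get-MachineAccountQuota {
    # ms-DS-MachineAccountQuota lives on the domain head object; the
    # out-of-the-box value is 10.
    $domainDN = (Get-ADDomain).DistinguishedName
    $obj = Get-ADObject -Identity $domainDN -Properties 'ms-DS-MachineAccountQuota'
    return [int]$obj.'ms-DS-MachineAccountQuota'
}

function Get-QuotaJoinedComputers {
    # Computers joined by a user without the create right are stamped with
    # mS-DS-CreatorSID; computers created by an account that holds the right
    # directly are not, so the attribute's presence identifies quota-based joins.
    Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' -Properties mS-DS-CreatorSID, whenCreated |
        ForEach-Object {
            $raw = $_.'mS-DS-CreatorSID'
            # The module may hand back a SecurityIdentifier or the raw byte form.
            $sid = if ($raw -is [System.Security.Principal.SecurityIdentifier]) { $raw }
                   else { New-Object System.Security.Principal.SecurityIdentifier([byte[]]$raw, 0) }
            try   { $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $creator = $sid.Value }   # creator account was deleted; keep the SID
            [pscustomobject]@{
                Computer    = $_.Name
                CreatedBy   = $creator
                WhenCreated = $_.whenCreated
            }
        }
}

function Set-MachineAccountQuota {
    # Lowers the quota so ordinary users can no longer join machines on their own.
    # Complements, rather than replaces, the user-right change described below.
    param([int]$Quota = 0)
    $domainDN = (Get-ADDomain).DistinguishedName
    Set-ADDomain -Identity $domainDN -Replace @{ 'ms-DS-MachineAccountQuota' = "$Quota" }
}

# Usage
"Current quota: $(Get-MachineAccountQuota)"
Get-QuotaJoinedComputers | Sort-Object WhenCreated | Format-Table -AutoSize
# Set-MachineAccountQuota -Quota 0   # uncomment once you have reviewed the list
```

Run the two read-only functions first; the list of quota-joined computers is the evidence for the "laptops you did not know about" problem, and each entry's CreatedBy tells you which user brought the device in.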

Assign rights using the Default Domain Group Policy:

1. Open the Default Domain Group policy.

2. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

3. Expand User Rights Assignment.

4. Double-click Add workstations to Domain.

5. Check the Define these policy settings box.

6. Press the Add User or Group button.

7. Complete the dialog to add the user or group.

8. Press Apply and OK.
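After the policy has applied, the setting to verify is the SeMachineAccountPrivilege user right ("Add workstations to domain"). It is evaluated on the domain controllers, where the out-of-the-box holder is Authenticated Users (*S-1-5-11), which is why every user can join machines until you change it. The following PowerShell is an added example, not from the original post; it exports the effective user rights with secedit on a domain controller and resolves the SIDs that hold this right, so you can confirm the GPO change took effect. It assumes it is run in an elevated session on a DC; the function name is my own.

```powershell
# Added verification example (not from the original post). Run elevated on a
# domain controller, where the "Add workstations to domain" right is enforced.
function Get-AddWorkstationsRightHolders {
    param([string]$InfPath = (Join-Path $env:TEMP 'user-rights-export.inf'))

    # secedit /export writes the effective local security policy; limiting the
    # export to USER_RIGHTS keeps the file small.
    secedit /export /cfg $InfPath /areas USER_RIGHTS | Out-Null
    $line = Get-Content -Path $InfPath | Where-Object { $_ -match '^SeMachineAccountPrivilege\s*=' }
    Remove-Item -Path $InfPath -ErrorAction SilentlyContinue

    if (-not $line) { return @() }   # right assigned to nobody

    # Format is: SeMachineAccountPrivilege = *S-1-5-11,*S-1-5-32-544
    ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*')) {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $sid.Value }   # unresolvable SID, e.g. a deleted group
        } else {
            $entry                 # already a name
        }
    }
}

# Usage: after "gpupdate /force" on the DC, the list should contain only the
# group you added in the GPO, not "NT AUTHORITY\Authenticated Users".
$holders = Get-AddWorkstationsRightHolders
if ($holders -contains 'NT AUTHORITY\Authenticated Users') {
    Write-Warning 'Authenticated Users still hold "Add workstations to domain".'
}
$holders
```

The warning branch is the check that matters: if Authenticated Users is still listed, the default is still in force and every domain user can keep joining machines.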


Delegate rights using Active Directory Users and Computers:

1. Open the Active Directory Users and Computers snap-in.

2. Right-click the container under which you want the computers added, and press Delegate Control.

3. Press Next.

4. Press Add.

5. After adding all the users and/or groups, press Next.

6. Select Create custom task to delegate and press Next.

7. Select Only the following objects in the folder, check Computer objects, check the Create selected objects in this folder box, and press Next.

8. Check the Create all child objects box and press Next.

9. Press Finish.
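The Delegation of Control wizard above writes an access control entry on the chosen container that allows the selected group to create child objects of the computer class. The following PowerShell is an added example, not from the original post; it grants the same permission from the command line and, more usefully, lists which principals already hold it on a given OU, so you can audit what has been delegated over the years. It assumes the RSAT ActiveDirectory module (which provides the AD: drive); the OU and group names are placeholders and the function names are my own.

```powershell
# Added delegation example (not from the original post). Assumes the RSAT
# ActiveDirectory module; the AD: PSDrive is created when it is imported.
Import-Module ActiveDirectory

# schemaIDGUID of the "computer" object class. Using it as the ObjectType of
# the ACE limits the CreateChild right to computer objects only.
$script:ComputerClassGuid = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

function Grant-ComputerCreateRight {
    param(
        [Parameter(Mandatory)][string]$OuDN,       # e.g. 'OU=Workstations,DC=example,DC=com' (placeholder)
        [Parameter(Mandatory)][string]$Principal   # e.g. 'EXAMPLE\Desktop-Techs' (placeholder)
    )
    $sid = (New-Object System.Security.Principal.NTAccount($Principal)).Translate(
               [System.Security.Principal.SecurityIdentifier])
    $acl = Get-Acl -Path "AD:\$OuDN"
    # Allow CreateChild of computer objects on this OU and all sub-OUs.
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::CreateChild,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $script:ComputerClassGuid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
    $acl.AddAccessRule($rule)
    Set-Acl -Path "AD:\$OuDN" -AclObject $acl
}

function Get-ComputerCreateDelegations {
    # Lists every Allow ACE on the OU that permits creating computer objects,
    # either scoped to the computer class or as an unscoped CreateChild.
    param([Parameter(Mandatory)][string]$OuDN)
    (Get-Acl -Path "AD:\$OuDN").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::CreateChild) -and
            ($_.ObjectType -eq $script:ComputerClassGuid -or $_.ObjectType -eq [guid]::Empty)
        } |
        Select-Object IdentityReference, ActiveDirectoryRights, IsInherited,
                      @{ n = 'Scope'; e = { if ($_.ObjectType -eq [guid]::Empty) { 'all child objects' } else { 'computer objects' } } }
}

# Usage (placeholders; replace with your own OU and group)
# Grant-ComputerCreateRight -OuDN 'OU=Workstations,DC=example,DC=com' -Principal 'EXAMPLE\Desktop-Techs'
# Get-ComputerCreateDelegations -OuDN 'OU=Workstations,DC=example,DC=com' | Format-Table -AutoSize
```

Run Get-ComputerCreateDelegations against each OU where computers land; an entry with Scope "all child objects" is broader than the wizard's computer-only step 7 intended and is worth a second look.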
