No offense taken, I'm not average. I'm one of the worst users you know. :oP
Heh. Couldn't resist. Happy Tuesday. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, July 28, 2003 10:44 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Do you allow users to add computers to AD themselves? David, I change the default value because I only want Technical Services staff (whom I delegate the permissions and the right) and Domain Admins to be able to add machines. Otherwise, I want to know that it's going to happen - and one can request that a computer object be created and Lan Administration will create it. To accomplish this, I remove the ability of anyone else to be able to join machines and reduce the value to 0(zero) so that the average Joe (no offense, Joe) cannot add a machine as by default, they can add up to 10. Not on my network, they can't.... ;P Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Monday, July 28, 2003 1:21 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Do you allow users to add computers to AD themselves? Rick, I'm curious why you take the extra step of changing the default value? Just extra cautious or is limiting it via the User Right not reliable? >As a practice of our environment, the less interaction the users have >with our AD, the better. I've taken the default 10 to 0, and have a >group for our Technical Services people created and delegated so that >they can manage and maintain RISing of systems as well as the joining >and removal of systems >as part of their responsibility in the company. > >Rick Kingslan MCSE, MCSA, MCT >Microsoft MVP - Active Directory >Associate Expert >Expert Zone - www.microsoft.com/windowsxp/expertzone > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of David Adner >Sent: Friday, July 25, 2003 6:04 PM >To: [EMAIL PROTECTED] >Subject: [ActiveDir] Do you allow users to add computers to AD >themselves? > >We're having some internal debates at work and I'm curious how other >people do it and their reasons. I know authenticated users can add up >to 10 computers to AD, but do you leave it at that or restrict it to >some type of admin group? > >List info : http://www.activedir.org/mail_list.htm >List FAQ : http://www.activedir.org/list_faq.htm >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > >List info : http://www.activedir.org/mail_list.htm >List FAQ : http://www.activedir.org/list_faq.htm >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ -- David List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
