Too cool. I like this A LOT! And, *I'd* get fired in a heartbeat for doing it! :-D
But, I still LIKE IT! Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent: Friday, July 25, 2003 10:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Do you allow users to add computers to AD themselves? We allow local site admins to create and join workstations. We require them to submit tickets to the domain admins to create server objects. We have a script that scans the domains and if we find server objects in workstation OU's (i.e. not created by the domain admins) we put them in jail - i.e. an OU only enterprise admins have access to and wipe the ACL on the server object and disable it. It prevents them from using it and reusing the name. Also if we find workstations not following the standards we jail them as well. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Friday, July 25, 2003 7:04 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Do you allow users to add computers to AD themselves? We're having some internal debates at work and I'm curious how other people do it and their reasons. I know authenticated users can add up to 10 computers to AD, but do you leave it at that or restrict it to some type of admin group? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/