I want to allow users to add their Windows 2000 Professional workstations into the Domain using an account I have created. I have created a GPO for the Container that will contain the workstations and have granted User Account AddWorkstation the following permissions 1. Reset Password 2. Validated write to DNS hostname 3. Validated write to service principal name I add these permissions to the Container for the workstation and all Child containers.
After the computer account is created on the Domain I add the permission 'Write Account Restrictions' to the computer object and then the user can join the computer to the Domain. Is there a way I can assign all four permissions once and have them replicate to all other computer objects found in the container? At the container level 'Write Account Restrictions' does not seem to be available. Can I create a script file that: Creates the computer account and sets the permission on the computer object? If so can you point me to how this might be completed. Thanks. Jim . Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
