G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello
Can any one help on this.

1.) In the My computer properties,"To rename the computer and join the
domain",CHANGE Button should be disabled for the Domain user Account
even he belongs to local administrator.
2.) Creation of local user account which should have permission for
adding and removing workstations to domain.

Thanks.
 

Deuce

Distinguished
Apr 18, 2002
1
0
18,510
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Not sure about your first question. I'm assuming that you are asking why a
domain account user has the ability to use the "Change" button for changing
the domain or workgroup when they don't have admin priviliges on a domain
level but are part of the local PC administrator group. From my experiences,
this is because when you assign a user the Admin privileges on a local
machine, they have the ability to anything to that PC. Doesn't mean they can
join another domain, unless they have domain level admin rights, but they can
put the PC into a workgroup. I make all of my users 'Power Users', so that
they can't do stuff such as that. I do have to modify the local PC group
policy to allow them to load drivers for printers and such, and it is a pain
when they need software installed because I have to log them off and log as
admin. But well worth it compared to the headache if I did otherwise.

Your second question is not possible, atleast I don't beleive. From my
experience in AD, you can't assign domain level admin privileges to a local
PC account. If others know how and can prove me wrong, I ask that they post,
because I would be interested in learning something new as well.

Sorry that my response wasn't a solution provider.

--
-------------------------------------------
I Frag just cuz I can!

Deuce


"aniladmin@gmail.com" wrote:

> Hello
> Can any one help on this.
>
> 1.) In the My computer properties,"To rename the computer and join the
> domain",CHANGE Button should be disabled for the Domain user Account
> even he belongs to local administrator.
> 2.) Creation of local user account which should have permission for
> adding and removing workstations to domain.
>
> Thanks.
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks for your replay Deuce

i want to clarify or give some information on my second question.

I want to restrict the user to add and disjoin to domain but the user
should have less admin priviliges. or else
Can i give priviliges to a users of Poweruser for adding and disjoin
rights to domain