Friday, October 27, 2006

Group Policy: Granting personnel the ability to Add Workstations to a domain

Whenever appropriate I like to enable people to serve themselves. I mean, do you really want your desktop support group calling you asking for domain admin privileges so they can add workstations to the domain? Of course not… nor should you be handing out domain admin privileges on demand (if you are, then you have an entirely different set of issues to deal with).

You can edit the Default Domain Policy to allow personnel to “Add Workstations to a Domain”. There are other ways to accomplish this, but this one fits if you’re already working with the domain policy.

1) Open Group Policy Management, and edit the Default Domain Policy.

2) Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and select “User Rights Assignment”.

3) Double-click on “Add Workstations to a domain”.

4) Put a check mark in “Define these policy settings”, and specify the groups (or users) that you want to allow to add workstations to the domain.

That’s it.
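To confirm the setting landed the way you intended, the following check lists who actually holds the right once the policy has been processed. It is an added example, not part of the original post: it exports the effective user rights with `secedit`, reads the `SeMachineAccountPrivilege` entry (the internal name of "Add workstations to domain") and resolves SIDs to account names. The scratch file name is an assumption; run it from an elevated PowerShell prompt on a computer that has processed the policy.

```powershell
# Added example: show which accounts hold "Add workstations to domain"
# (SeMachineAccountPrivilege) in the effective security policy.
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'   # scratch file (assumed name)

# secedit writes the effective user rights assignments to an INF file.
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "secedit export failed (exit code $LASTEXITCODE). Run from an elevated prompt."
}

try {
    $line = Get-Content -Path $cfg |
        Where-Object { $_ -match '^\s*SeMachineAccountPrivilege\s*=' } |
        Select-Object -First 1

    if (-not $line) {
        Write-Output 'SeMachineAccountPrivilege is not assigned to any account.'
    }
    else {
        # The value is a comma-separated list: SIDs carry a leading '*', names are bare.
        $entries = ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ }

        foreach ($entry in $entries) {
            if ($entry.StartsWith('*')) {
                $sidText = $entry.TrimStart('*')
                try {
                    $sid  = New-Object System.Security.Principal.SecurityIdentifier($sidText)
                    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
                }
                catch {
                    # Deleted accounts or unreachable domains leave the SID unresolved.
                    $name = '<unresolved SID>'
                }
                [pscustomobject]@{ Account = $name; Sid = $sidText }
            }
            else {
                [pscustomobject]@{ Account = $entry; Sid = $null }
            }
        }
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}
```

Anything in the output beyond the groups you entered in the policy, or an unresolved SID, is worth reviewing before you hand the task to the support group.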
