Re: How to audit who adds computers to domain

From: Allen Ferdinand (allen.ferdinand_at_avizatechnology.com)
Date: 05/24/04


Date: 24 May 2004 12:24:13 -0700

Thanks guys, I had missed the part about being able to add 10
computers. I found that right and fixed it with Hyena this morning.
I was really looking for which event id to search for. Now I've got
it. Now I just have to wait until Taiwan comes to life so that I can
start browsing their computers.
Again, thanks a lot.

"Steven L Umbach" <n9rou@nscomcast.net> wrote in message news:<CKbsc.18574$JC5.1688664@attbi_s54>...
> Enable auditing of account management events in your Domain Controller
> Security Policy and then look for event ID 645 in the security logs in Event
> Viewer on the domain controllers. You can use the free Event Comb from
> Microsoft to do this for multiple computers at a time. You may also want to
> make sure that the user right for "add workstations to the domain" is
> configured for only the domain admins group, as by default it is authenticated
> users which allows each user to add up to ten workstations by default. That
> user right setting ONLY works at the domain controller level. To get some
> clues look at the computer account in AD Users and Computers and look at the
> security/advanced - owner page and the object page which will tell you what
> day and time the account was created. --- Steve
>
> http://www.microsoft.com/technet/security/guidance/secmod144.mspx
>
> "Allen Ferdinand" <allen.ferdinand@avizatechnology.com> wrote in message
> news:725a41b7.0405230912.350cc1d6@posting.google.com...
> > I have a win2k AD network with 7 sites. In one site, I keep finding
> > that someone is adding computers to the domain. Is there an easy way
> > to find out who is adding computers? All of my people have sworn that
> > it isn't them. I've changed all admin passwords and checked security
> > in the computers folder so that this shouldn't be happening. Is there
> > a log entry that I can enable to track this?
> >
> > thanks much,
> > Allen
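
The search suggested in the reply above (event ID 645 across several domain controllers), as an added example that is not part of the original posts: it reads an exported Security log, keeps only event 645 records, and groups the created computer accounts by the caller who made them, skipping approved admin accounts. The CSV layout, the abbreviated message text, and all host, domain and user names are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample: a CSV export of Security log records gathered from
# several domain controllers. The column layout is an assumption for this
# example, not the output format of Event Comb or any specific tool.
SAMPLE_EXPORT = '''\
time,dc,event_id,message
2004-05-20 02:11:07,DC-TPE-01,645,"Computer Account Created: New Account Name: LAB-PC-07$ New Domain: CORP Caller User Name: jchen Caller Domain: CORP"
2004-05-20 02:14:52,DC-TPE-01,645,"Computer Account Created: New Account Name: LAB-PC-08$ New Domain: CORP Caller User Name: jchen Caller Domain: CORP"
2004-05-21 09:30:00,DC-HQ-01,645,"Computer Account Created: New Account Name: HQ-WS-113$ New Domain: CORP Caller User Name: adm-allen Caller Domain: CORP"
2004-05-21 09:31:10,DC-HQ-01,642,"User Account Changed: Target Account Name: bob Caller User Name: adm-allen"
'''

FIELD = re.compile(r"(New Account Name|Caller User Name|Caller Domain):\s*(\S+)")

def computer_creations(export_text):
    """Yield one dict per event ID 645 record found in the export."""
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["event_id"].strip() != "645":
            continue
        fields = dict(FIELD.findall(row["message"]))
        yield {
            "time": row["time"],
            "dc": row["dc"],
            "computer": fields.get("New Account Name", "?"),
            "caller": "{}\\{}".format(fields.get("Caller Domain", "?"),
                                      fields.get("Caller User Name", "?")).lower(),
        }

def unexpected_joiners(export_text, approved):
    """Group created computer accounts by caller, skipping approved admins."""
    approved = {a.lower() for a in approved}
    by_caller = defaultdict(list)
    for ev in computer_creations(export_text):
        if ev["caller"] not in approved:
            by_caller[ev["caller"]].append((ev["time"], ev["dc"], ev["computer"]))
    return dict(by_caller)

if __name__ == "__main__":
    for caller, made in unexpected_joiners(SAMPLE_EXPORT, {r"CORP\adm-allen"}).items():
        print(caller, "created", len(made), "computer account(s):")
        for when, dc, name in made:
            print("   ", when, dc, name)
```

Callers are compared case-insensitively, since account names in the log may not match the case used in the approved list.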


