Installing New Work Stations

I do computer support for a non-profit organization. They just had 10 new Pentium 4 computers donated. The machines have fresh installations of XP SP2. It takes a long time to install SP3 and the updates. Plus, there are several other applications that need to be installed on each computer.

Hopefully I can save some time by building one machine and then imaging the drive to the others. (All software is properly licensed.) So, I will use this occasion to try to understand a perpetual problem that I have: Giving administrator rights to the local machine after the work station joins the domain of the Windows 2003 Server. I have tried a number of ways, and something always seems to go wrong.

There are two parts to this question. The first part is, if I build one machine to spec, join the domain, and then image the drive to another (identical) computer, what do I have to change on the second machine to enable it to log into the network? The machine name? Or, do I have to go through the same routine to join the domain?

The second part of the question is, after a machine joins the domain using the Administrator account, how do I give any authenticated users administrator rights on the local machine? Do I add "Domain Users" or "Authenticated Users" to the local machine Administrators group? This part is the one that I always have problems with. As you can tell, I am not a server guy. If you would give me a detailed procedure to give the local machine administrator rights (even though some people don't think it's a good idea), I would be most grateful.

It's been a while since I added a computer, but here is what I did:

1. Log into the work station as an administrator of the local machine.
2. Click on "Network ID" or "Change..." to join the domain. (Which one should I use? What's the difference between the two methods?)
3. After joining the domain, Run "control userpasswords2", Advanced, Advanced, Groups, Administrators, Add... and then add Domain Users. (Sometimes "Domain Users" verifies, sometimes it doesn't.)
4. Okay all the way out.
5. Log out as Administrator and log in as with a server user account.

Thanks.
.

Relevant Pages

  • Re: User cant connect WM5 device
    ... administrator means for the local machine. ... Administrator group and member of Domain Users group. ... login - login domain is Computername). ...
    (microsoft.public.windowsce.embedded)
  • Re: Workaround for 0x8007045A (!)
    ... > and you created a domain user for a workstation as an administrator, ... > domain user would have full administration rights to the local machine. ... > Users and Groups' and adding Domain Users to the list. ...
    (microsoft.public.windowsupdate)
  • RE: Legacy application installations
    ... requests administrator credentials or administrator approval in order to ... installations write to protected areas of the file system and registry. ... Scroll down and double-click "User Account Control: ... "Elevate without prompting" and then click OK. ...
    (microsoft.public.windows.vista.security)
  • Re: Domain Users cant execute applications on SBServer
    ... Addind Domain Users to the Administrators on the Terminal Server ... I copied the application executable to the Terminal Server ... but that they can execute the application if initiated from ... the domain user logon workstation have administrator permission ...
    (microsoft.public.windows.server.sbs)
  • Re: Spying in a corporate environment
    ... while being logged into the local machine instead of the domain ... domain policies are not re-applied. ... An administrator can now manually ... getting the settings re-applied by GPO the next time it runs ...
    (Security-Basics)