RE: Users adding workstations to the domain
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Thu, 02 Mar 2006 12:26:30 GMT
Hi Greg,
Thanks for post here.
Please note: in SBS domain, the Authenticated users include Administrators.
Please ensure you have used users that do not belong to Administrators
group to test the issue. Also please ensure the settings should be
configured in the Default Domain Controllers Policy.
If the issue persists, please help me collect the following information for
analyze:
1. On the SBS server, click Start -> Run, type in "gpmc.msc", click OK.
Right-click Group Policy Results and click Group Policy Results Wizard...,
click Next, select "Another computer", type the name of a "problematic"
client and click Next. Select "Select a specific user" and then select the
user who has the problem, click Next. Follow the instructions to generate a
group policy result report, right-click the report and click Save Report.
2. Logon the client with problematic user account, install the GPMC tool
and re-create a Group Policy results by choosing "This Computer", "Current
User". And also mail the report to me.
You can down the tool and get more information in the following link:
http://www.microsoft.com/windowsserver2003/gpmc/gpmcwp.mspx
Please mail me the reports to my working mailbox: v-yanniw@xxxxxxxxxxxxx
I appreciate your time!
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Users adding workstations to the domain<pb9xFAzFGHA.1240@xxxxxxxxxxxxxxxxxxxxx>
thread-index: AcY9dLZy8ILyiIWIRoyZnYdvAf4AGg==
X-WBNR-Posting-Host: 129.128.167.35
From: "=?Utf-8?B?R3JlZw==?=" <Greg@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <O#S2fYqFGHA.516@xxxxxxxxxxxxxxxxxxxx>
Subject: RE: Users adding workstations to the domaindon't
Date: Wed, 1 Mar 2006 13:11:31 -0800
Lines: 93
Message-ID: <2800EBB8-62CA-4AE7-82EF-C12C3050EF50@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.windows.server.sbs:248545
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.sbs
I have only "Administrators" listed for the above mentioned policy and
Authenticated Users are still able to add workstations to the domain.
Not sure where to go from here.
""Jenny wu [MSFT]"" wrote:
Hi Dave,
Thanks for using the SBS newsgroup.
From your description, I understand that you want to control user's
permissions to join workstation to domain. If I am off base, please
tohesitate to let me know.
Do you mean the policy:
Default Domain Controllers Policy\Computer Configuration\Windows
Settings\Security Settings\Local Policies\User Right Assignment\Add
workstations to domain
Yes, you can do that. If you don't want to grant some users permissions
thesome policy, you can move them from permission list. And please ensure
theusers can not belong any groups that has the permission, for example,
corresponding"Authenticated users" includes all domain users, so please ensure you do
not add the Domain users to the policy.
Hope above information helps! If you have further question on the issue
please let me know. I am happy to be of assistance to you-)!
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the
manner.newsgroups so that they can be resolved in an efficient and timely
theYou can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check
are"Notify me of replies" box to receive e-mail notifications when there
newsreader,any updates in your thread. When responding to posts via your
doingplease "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
Pleaseso, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly.
rights.check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no
they
--------------------
From: "Dave Taylor" <noemail@xxxxxxxxx>
Subject: Users adding workstations to the domain
Date: Wed, 11 Jan 2006 11:56:55 -0000
Lines: 11
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Message-ID: <O#S2fYqFGHA.516@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
NNTP-Posting-Host: 62-249-231-10.no-dns-yet.enta.net 62.249.231.10
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:235760
X-Tomcat-NG: microsoft.public.windows.server.sbs
All,
I have a user that has added a personal computer to the network which
gposhould not have done. Can I remove the "authenticated users" from the
that says who can add computers to the domain with out causing problems
later?
TIA
Dave
.
- References:
- RE: Users adding workstations to the domain
- From: Greg
- RE: Users adding workstations to the domain
- Prev by Date: Re: http://companyweb dosent work
- Next by Date: RE: Client Certification when using Remote Web
- Previous by thread: RE: Users adding workstations to the domain
- Next by thread: Re: ActiveSync - not syncing!
- Index(es):
Relevant Pages
|
