Re: Adding Computers to the Domain (AD)

From: Todd J Heron (todd_heron_no_spam_at_hotmail.com)
Date: 03/16/05


Date: Wed, 16 Mar 2005 16:13:51 -0500

lol, Mr. Smith: "So I can go beat the user with a patch cable for doing so
w/o my permission."

You can find out who added the computer to the domain.

Quoted from:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/526.asp

"computer accounts that are created by means of permissions on the computers
container have the creator as the owner of the computer account."

See also:
Domain Users Cannot Join Workstation or Server to a Domain:
http://support.microsoft.com/default.aspx?scid=kb;en-us;251335&sd=RMVP

I'm not arguing whether it's right or wrong; maybe this will be taken out of
the next release of the OS, maybe not. As the admin you are now armed with
the information to prevent this since you own the network. Users or vendors,
salespersons or whoever should not be bringing machines into your network and
just plugging in. If you are interested, I have a variety of methods to
stop that EVEN if they are full of viruses (one is through leveraging
Microsoft's "Network access quarantine control"). A worm let loose on the
network by an infected laptop brought in from the outside will penetrate
well before the machine is even joined to the domain, if it is joined to the
domain at all; most worms initially penetrate via the email program or the
Internet browser these days. Protecting against that threat is your primary
worry. Patch all machines with the latest SPs and hotfixes or do your best
to do so, keep antivirus up-to-date on all machines or do your best to do
so, have 1 or 2 types of anti-spyware on machines which regularly scan for
and clean malware (or do your best to do so). Don't patch unused network
outlets, or leverage IEEE 802.1x port authentication, to mitigate that
threat as well. I have more, just post back if you want the complete
rundown.

-- 
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights. 
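
An added example, not part of the original post: one way to audit who created recent computer accounts, using the owner recorded on each account as described in the quoted documentation. It assumes the ActiveDirectory (RSAT) PowerShell module and read access to the domain; the function names and the expected-owner list are constructed for illustration.

```powershell
# Added example: assumes the ActiveDirectory (RSAT) module is installed.
Import-Module ActiveDirectory

# Owners expected when an administrator creates or joins a machine.
# Constructed list; adjust to the groups used in your own domain.
$expectedOwners = 'Domain Admins', 'Enterprise Admins', 'Administrators'

function Resolve-Sid {
    param($Sid)
    if (-not $Sid) { return $null }
    try   { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { "$Sid" }   # deleted or unresolvable account: keep the raw SID
}

function Get-ComputerAccountCreator {
    param([int]$Days = 30)
    $since = (Get-Date).AddDays(-$Days)
    $props = 'whenCreated', 'nTSecurityDescriptor', 'mS-DS-CreatorSID'

    Get-ADComputer -Filter * -Properties $props |
        Where-Object { $_.whenCreated -ge $since } |
        ForEach-Object {
            # The owner on the security descriptor is the creating account
            # when the object was created via permissions on the container.
            $owner = $_.nTSecurityDescriptor.Owner
            $short = $owner -replace '^.*\\', ''
            [pscustomobject]@{
                Name       = $_.Name
                Created    = $_.whenCreated
                Owner      = $owner
                # mS-DS-CreatorSID is recorded by AD when a non-administrator
                # joins a machine under the machine-account quota.
                CreatorSid = Resolve-Sid $_.'mS-DS-CreatorSID'
                Unexpected = ($expectedOwners -notcontains $short)
            }
        }
}

# Accounts from the last 30 days whose owner is not an expected admin group.
Get-ComputerAccountCreator -Days 30 |
    Where-Object Unexpected |
    Sort-Object Created |
    Format-Table -AutoSize
```

Rows flagged `Unexpected` are the machines to follow up on; the `Owner` or `CreatorSid` column names the account that added them.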

