Re: Prevent computer from being removed from the domain
From: Adam Leinss (aleinss_at_techie.com)
Date: 03/03/05
- Next message: Johan: "Password Policy in OU"
- Previous message: Modem Ani: "Re: faulty mouse"
- In reply to: Mike C: "Re: Prevent computer from being removed from the domain"
- Next in thread: Mike C: "Re: Prevent computer from being removed from the domain"
- Reply: Mike C: "Re: Prevent computer from being removed from the domain"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 03 Mar 2005 15:29:58 GMT
"Mike C" <mike.carney@bentley.com> wrote in
news:OOclSIqHFHA.3040@TK2MSFTNGP10.phx.gbl:
> Hi Robert,
>
> This is more of a covering a user with "first option failed
> so I guess my company blocked it". We have been told in our group
> that we should find a way to disallow users from removing their
> machines from the domain.
>
> We need to have most users as part of the local admins group to
> enable so of the app they use to run. What we are looking for is
> similar to the above post where we simply remove the option from
> the interface. Essentially not taking the feature away from th,
> but also not allowing them to see it. This would take care of all
> bout a few users who tinker.
You aren't going to like what I have to say.
I was just involved in a Windows 98 to Windows 2000 migration involving
150+ applications and not once did we have to put users in an
administrator's group to make an application work. Granted, some
applications want to write to a registry key or directory they do not
have access to. You can figure this out with regmon or filemon from
Sysinternals and then open the specific keys/directories it needs
opened. Sometimes we had contact the vendor to get an updated version
of the program.
If the users have access to a command prompt they can also issue
"netdom remove" to yank a computer out of the domain.
See if you can get away with using just using Power User rights for
them. I believe they cannot unjoin computers from the domain with this
access.
Also, if there was a GPO like this it would be most likely a computer
policy which if implemented would lock out your own IT staff from
disjoining computers from the domain!
Adam
- Next message: Johan: "Password Policy in OU"
- Previous message: Modem Ani: "Re: faulty mouse"
- In reply to: Mike C: "Re: Prevent computer from being removed from the domain"
- Next in thread: Mike C: "Re: Prevent computer from being removed from the domain"
- Reply: Mike C: "Re: Prevent computer from being removed from the domain"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
