Re: Preventing Users from removing their PC from the Domain
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Mon, 26 Jun 2006 13:07:33 -0400
You can't prevent an admin (or really anyone with local physical access) on a machine from removing it from a domain. The credentials supplied when it asks for credentials are simply to disable the account in the domain. They are not required, if the computer can't disable the account in AD, it will simply disjoin from the domain locally and leave the domain account enabled.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
rndinit9@xxxxxxxxx wrote:
Currently users are able to remove their PC's from the domain w/o being.
prompted for a DomainAdmin username/pass. This is becomming a problem.
How can I set it that in order for a PC to be removed from the domain,
that a domain admin username & password must be entered.
Your help is appreciated.
- Follow-Ups:
- Re: Preventing Users from removing their PC from the Domain
- From: rndinit9@xxxxxxxxx
- Re: Preventing Users from removing their PC from the Domain
- References:
- Preventing Users from removing their PC from the Domain
- From: rndinit9
- Preventing Users from removing their PC from the Domain
- Prev by Date: Re: Preventing Users from removing their PC from the Domain
- Next by Date: Re: User profiles on domain controller - Very strange
- Previous by thread: Re: Preventing Users from removing their PC from the Domain
- Next by thread: Re: Preventing Users from removing their PC from the Domain
- Index(es):
Relevant Pages
|
|
