Re: Preventing Users from removing their PC from the Domain
- From: "rndinit9@xxxxxxxxx" <rndinit9@xxxxxxxxx>
- Date: 26 Jun 2006 14:10:41 -0700
In regards to what really happens when a PC leaves the domain. I liked
your answer the most, because it was clear and simple.
Joe Richards [MVP] wrote:
You can't prevent an admin (or really anyone with local physical access)
on a machine from removing it from a domain. The credentials supplied
when it asks for credentials are simply to disable the account in the
domain. They are not required, if the computer can't disable the account
in AD, it will simply disjoin from the domain locally and leave the
domain account enabled.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
rndinit9@xxxxxxxxx wrote:
Currently users are able to remove their PC's from the domain w/o being
prompted for a DomainAdmin username/pass. This is becomming a problem.
How can I set it that in order for a PC to be removed from the domain,
that a domain admin username & password must be entered.
Your help is appreciated.
.
- References:
- Preventing Users from removing their PC from the Domain
- From: rndinit9
- Re: Preventing Users from removing their PC from the Domain
- From: Joe Richards [MVP]
- Preventing Users from removing their PC from the Domain
- Prev by Date: Re: User profiles on domain controller - Very strange
- Next by Date: Re: WIN 2000 Archive Files
- Previous by thread: Re: Preventing Users from removing their PC from the Domain
- Next by thread: Tracking access to folder
- Index(es):
Relevant Pages
|
|
