Re: Preventing Users from removing their PC from the Domain

Odd... I just retested with an XP SP2 client in an R2 forest... Same results, no disable if no creds, disable with creds.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Roger Abell [MVP] wrote:
Hi Joe, Good 4th I hope.
Per your comments on the cred, yep, and as I mentioned in other
post of this thread, I have not dug in to see how this is possible,
that (in W2k3 native domain/forest) without creds the account
ends up disabled. I guess I have to carve out the time . . .
Never-the-less, last week I finally have situation that reconfirmed
the behavior.
Roger

"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message news:OmFbio4nGHA.3440@xxxxxxxxxxxxxxxxxxxxxxx
Hey Roger, I think it may vary based on bin levels... My primary experience has been as I indicated, disabled if creds given, left enabled when creds not given.

Consider this... When I look at a computer object in my AD, the permissions granted to SELF wouldn't allow the computer to disable itself. It wouldn't have permission to.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Roger Abell [MVP] wrote:
Hey Joe,

just fyi ...

It took me a while to remember to check this, but it is as I had
posted, i.e. without the credentials the computer account is just
disabled, but with them it is removed.



.

Relevant Pages