who added a server/worksation to the Domain? - Windows NT

This is a discussion on who added a server/worksation to the Domain? - Windows NT ; I have a small problem. We have limited the number of users that can add workstation and servers to our domain. One set of Techs should only be adding worksation Os and another team should be adding only server OS. ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: who added a server/worksation to the Domain?

  1. who added a server/worksation to the Domain?

    I have a small problem. We have limited the number of users that can
    add workstation and servers to our domain. One set of Techs should
    only be adding worksation Os and another team should be adding only
    server OS. I am looking for a way to sparate this in one of two ways.

    1. beable to have a policy that will only let one group add
    workstations and one group add servers.

    or

    2. Beable to see when a machine (Server or Worksation) was added to
    the domain and who added it.

    Any help on how to get one of the two accomplished would be great.

  2. Re: who added a server/worksation to the Domain?

    On 31 Jul 2003 06:40:06 -0700, tryon2@yahoo.com (Tryon) wrote:

    >I have a small problem. We have limited the number of users that can
    >add workstation and servers to our domain. One set of Techs should
    >only be adding worksation Os and another team should be adding only
    >server OS. I am looking for a way to sparate this in one of two ways.
    >
    >1. beable to have a policy that will only let one group add
    >workstations and one group add servers.
    >
    > or
    >
    >2. Beable to see when a machine (Server or Worksation) was added to
    >the domain and who added it.
    >
    >Any help on how to get one of the two accomplished would be great.



    Try checking the registry key ownership of the account keys in the
    SAM. We had an issue where machine accounts added by a full admin
    could not be changed by server/account operators as they did not own
    the registry keys created.

    As for when it was added, use any available tools which show account
    creation dates. The workstation domain account is not terribly
    different than a normal user account - big difference is the $ at the
    end of the name.

    I also recommend enabling account auditting.

+ Reply to Thread