HOW TO: Pre-stage Windows 2000 Computers in Active Directory (283771)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
This article was previously published under Q283771 SUMMARY This article describes how to pre-stage computer names for
Windows 2000-based computers, as you can in Microsoft Windows NT 4.0, to allow
only those computer names to be added to Active Directory.
back to the top
Locate Computer Accounts To pre-stage computers in a Windows 2000-based domain, you must
locate those computer accounts in an organizational unit other than the default
container. To do this, follow these steps:
- Open the default domain controllers policy.
- Click Computer Configuration.
- Click Windows Settings.
- Click Security Settings.
- Click User Rights Assignment.
- Double-click Add Workstation to
Domain.
- Click Define these policy
settings.
- Verify that Authenticated users is
selected in the Define these policy settings box.
- Click OK to make the setting active. This allows authenticated users to
add workstations to the domain.
After you complete the steps above, you can pre-stage computer
accounts in any organizational unit other than the default organizational unit,
provided that authenticated users can read from and write to that
organizational unit's objects.
back to the top
Remove Write Permissions of Authenticated Users from the Default Computer It is a good idea to remove Write permissions from the default
Computers location for authenticated users. To do this:
- Right-click the Computers container, click View, and then click Advanced features.
- Right-click the Computers container, and then click Properties.
- On the Security tab, click Authenticated users.
- Remove the Allow Write property. Or, for greater security, remove all of the "Allow"
security rights.
- Click Apply, and then click OK to apply the new security restrictions on the default Computers
container.
back to the top
Modification Type: | Major | Last Reviewed: | 9/8/2006 |
---|
Keywords: | kbhowto kbHOWTOmaster KB283771 kbAudITPro |
---|
|