| 178 |
| Add users to the domain |
| By default, Windows 2000 Active Directory allows domain users to join up to 10 computers to the |
| Windows 2000 domain. Granting the Add Workstations To Domain privilege to the Authenticated |
| Users group allows all domain users to bypass the access control list (ACL) check--but only for 10 |
| You can change this maximum number either with a script or by using the Windows 2000 Support |
| Tools' ADSI Edit utility. To use the ADSI Edit utility to change the maximum number, follow these |
| Install the Support Tools from the Support\Tools folder on the Windows 2000 Server CD-ROM. |
| Run the ADSI Edit utility from the Windows 2000 Support Tools\Tools folder on the Start menu. |
| Highlight and right-click the domain name and select Properties. |
| In the Select A Property To View box, select Ms-DS-MachineAccountQuota. |
| The value entered is 10. Change it to 0 to prevent users from joining computers to a domain, or |
| enter any other integer value to change the number of computers users can join. |
| Click OK to save your changes and close the dialog box, and then close the ADSI Edit utility. |
| You can prevent users from joining new computers to the domain by removing the Add |
| Workstations To Domain privilege from the Authenticated Users group. |
First Previous Next Last |