Domain user permissions to join the domain

A question about ordinary users' rights to join the domain. I want one ordinary domain user to be able to join computers to the domain any number of times, not limited to the default 10 domain joins. Is there a good way to achieve this? I also want to disable all other domain users' permission to join the domain. What is the best way to do that?

Answer: Based on your description, you want to know how to let a user join more computers to the domain than the default limit of 10. We can accomplish this as follows:

1. Open the Group Policy Editor and double-click the Default Domain Controllers Policy.

2. Expand the tree to find the following policy:
Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment | Add workstations to domain

3. Double-click the policy, remove Authenticated Users, and then add the user's account.

The steps above control who holds the default right to join computers to the domain, which is limited to 10 joins. Next, we need to change this default limit of 10:

  1. Run Adsiedit.msc as an administrator of the domain.
  2. Expand the Domain NC node. This node contains an object that begins with "DC=" and reflects the correct domain name. Right-click this object, and then click Properties.

  3. In the Select which properties to view box, click Both.
  4. In the Select a property to view box, click ms-DS-MachineAccountQuota.

  5. In the Edit Attribute box, type a number. This number represents the number of workstations that you want users to be able to maintain at the same time.
  6. Click Set, and then click OK.

If you need to give this permission to one separate user, you can use the following steps to grant this particular user permission to create computer objects:

  1. In the Active Directory Users and Computers snap-in, click Advanced Features on the View menu so that the Security tab is shown when you click Properties.
  2. Right-click the Computers container, and then click Properties.

  3. On the Security tab, click Advanced.
  4. On the Permissions tab, click Authenticated Users, and then click View / Edit.

Note: If the Authenticated Users group is not listed, click Add and add it to the list of permission entries.

  5. Make sure that the This object and all child objects option is displayed in the Apply onto box.
  6. In the Permissions box, click to select the Allow check box next to the Create Computer Objects and Delete Computer Objects ACEs, and then click OK.
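
The quota change and the Computers-container delegation described above can also be checked and applied from PowerShell. This is an added example, not part of the original answer; it assumes the RSAT ActiveDirectory module and `dsacls` are available, and `CONTOSO\svc-join`, `$NewQuota` and `$Apply` are placeholder names.

```powershell
# Added example: run as a domain administrator on a host with RSAT installed.
Import-Module ActiveDirectory

$JoinAccount = 'CONTOSO\svc-join'  # hypothetical account that should join machines
$NewQuota    = 10                  # placeholder: value for ms-DS-MachineAccountQuota
$Apply       = $false              # set to $true to write changes; $false only reports

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName

# 1. Read the quota from the domain NC head (the "DC=" object shown in ADSI Edit).
$quota = (Get-ADObject -Identity $domainDN -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
"Current ms-DS-MachineAccountQuota: $quota"

# 2. Show how many computer accounts each creator owns. Only accounts that carry
#    mS-DS-CreatorSID are listed, so the report shows who is using the join right.
Get-ADComputer -Filter * -Properties 'mS-DS-CreatorSID' |
    Where-Object { $_.'mS-DS-CreatorSID' } |
    Group-Object { $_.'mS-DS-CreatorSID'.Value } |
    Sort-Object Count -Descending |
    ForEach-Object {
        $sid  = [System.Security.Principal.SecurityIdentifier]$_.Name
        # Fall back to the raw SID when the creator account no longer resolves.
        $name = try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid.Value }
        [pscustomobject]@{ Creator = $name; ComputersCreated = $_.Count }
    }

if ($Apply) {
    # 3. Same change as editing the attribute in Adsiedit.msc.
    Set-ADDomain -Identity $domainDN -Replace @{ 'ms-DS-MachineAccountQuota' = $NewQuota }

    # 4. Grant Create/Delete Computer objects on the Computers container,
    #    applied to this object and all child objects (/I:T).
    dsacls $domain.ComputersContainer /I:T /G "${JoinAccount}:CCDC;computer"
}
```

Running it first with `$Apply = $false` gives a before-state to compare against after the change.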

Origin blog.51cto.com/543235/2423664