If you want to prevent domain users to add machines to the domain, you cannot do it by GPO, since the only policy existing "Add workstation to domain" applies to Computers Configuration and not User Configuration.
You have to run ADSI edit from the administrative tools, roll down Default Naming Context, right click on your DC=mydomain, then properties :
Find the value MS-DS-Machine-Account-Quota and change it to 0 (10 is the default value).
No comments:
Post a Comment