General discussion

Locked

problem with server computer accounts

By john_e_lobb ·
I am running an NT 4.0 sp6 network with only a few windows 2000 servers online. Is there any way to stop peaple from loading a 2000 server and it creating a computer account on my network without me knowing it. I keep finding Computer Accounts in mydomain that I did not create and the peaple that have loaded the machine does not have admin privileges. any idea why or what I can do to stop it

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

problem with server computer accounts

by tony.colgrove In reply to problem with server compu ...

Only people with "Add Computer to Domain" should be able to do this. To check who has these rights, open User Manager for Domains, then Policies>User Rights. Find Add Computer to Domain and see who's there. To lock it down remove everyone except your account or the admin account. What we have done in our environment is left only the Global Admin group and an "AddWorkstation" account (which gets a password reset about every three weeks).

Collapse -

problem with server computer accounts

by john_e_lobb In reply to problem with server compu ...

Poster rated this answer

Collapse -

problem with server computer accounts

by NTOz In reply to problem with server compu ...

Actualy what your prob seeing is not accounts in the domain but systems that were setup as workgroups and they are using the Domain name as the workgroup. This is true not only for Windows 2000 workstations but also NT 4.0 and win9x systems. Even though they are in your server manager list, they are not part of the domain unless they joined it. Essentialy what your seeing is the browser service keeping track of everyone using the netbios name for the domain/workgroup. The PDC in Windows NT 4.0 is a Domain Master Browser and BDC's on separtate subnets are master browsers. They pass along all information about workstations, servers and services that are available for any system using browser services and the netbios name for the domain. The workstations your seeing dont have a SID for the workstations, thus they dont have the access privleges that a system that were part of the domain would have. Under server manager there is a setting that you can change to say, member servers or its members of the domain. You then see all servers and workstations diapear if they are not part of the domain. In general your Domain Servers are the ones that remain in the list. It doesnt mean the others are not there when you change it back, its justwhat the option is all about. I hope I helped you understand and feel a little better about what your seeing.

Pete

Pete

Collapse -

problem with server computer accounts

by john_e_lobb In reply to problem with server compu ...

Poster rated this answer

Collapse -

problem with server computer accounts

by john_e_lobb In reply to problem with server compu ...

This question was closed by the author

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums