What's new
Forums on Intune, SCCM, and Windows 11

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

SOLVED Restrict domain join for users

Status
Not open for further replies.
Dineshyadav

Dineshyadav

Well-Known Member
Messages
46
Reaction score
0
Points
8
Hi,
In my company any active directory user can join the machine to the domain ?. Is it same for others. I do not want to allow domain users to join the pc to the domain. how to do this ?.
 
Sort by date Sort by votes
If the machine local Users group is still granted the Log on locally user right and it still has as a member Authenticated Users then any domain account can log in.

You can removed “Users” from the “Log on locally” entry in the Local Policy of each machine. We put the subset of machines in an OU in Active Directory, then added groups (Employees) to the “Log on locally” entry in the Group Policy for the OU.

Also,, You can give the required access to users according to their Support level responsibilities..

Thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

  • PENDING Windows Autopilot reset failing for remote devices
  • PENDING Service Tool Generation Plus - Push out via SCCM
  • PENDING Intune User Policy Delays – Best to Apply Restrictions at Device Level Instead?
  • SOLVED SCCM OS Task Sequence fails domain join in specific location
  • PENDING Query to only show devices with multiple ip addresses

    • Forum statistics

    Threads
    7,027
    Messages
    27,499
    Members
    17,680
    Latest member
    Symetria

    Latest posts

    Trending content
    Back
    Top