Allow a user or group to create a RIS managed computer account in the domain

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To allow a user or group to create a RIS managed computer account in the domain

  1. Open Active Directory Users and Computers.

  2. In the console tree, right-click the applicable domain.

    Where?

    • Active Directory Users and Computers/Applicable domain

  3. Click Delegate control.

  4. In the Delegation of Control Wizard, click Next.

  5. In the Users or Groups dialog box, click Add.

  6. In the Select Users, Computers, or Groups dialog box, type the name of the User account or the Security Group (preferred) that contains the users who create Remote Installation Services (RIS) managed computer accounts in the domain (that is, who install from RIS on client computers that are not prestaged).

  7. Click OK, and then click Next.

  8. In Tasks to Delegate, click Join a computer to the domain, and then click Next.

  9. Review the delegation of control summary information, and then click Finish.

Notes

  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • This topic does not apply to Windows Server 2003, Web Edition.

  • To open Active Directory Users and Computers, click Start, click Run, type dsa.msc, and then click OK. For information about creating a shortcut so you can easily open Active Directory Users and Computers with runas, see Related Topics.

  • This procedure pertains to RIS client computers that are not prestaged. For information about setting permissions that pertain to prestaged client computers, see Related Topics.

  • If you performed this procedure for a group, remember to add users to that group.

  • It is recommended that you limit the user to a specific container in which the RIS server is configured to create clients. Otherwise, the user will be able to create computer objects in any container in the domain.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Working with MMC console files
Set permissions required by RIS users who use prestaged client computers
Allow or prevent the installing of a RIS image by a user or group
Manage Security for Remote Installation Services
Choosing appropriate group memberships for RIS administrators
Create a shortcut using the runas command