AndrewParker Posted March 20, 2006 Posted March 20, 2006 Hi AllMy RIS test server has been working fine, I turned on prestaging, it still works fine however it doesn't stop non prestaged clients...!I have been deleting the computer account and restating the ris service before I attempt the rebuild, I was expecting not to be able to download an image however it still does allow it.All I can think of is that once a PC has been connected to the domain, AD remembers the GUID even if the Computer Account no longer exists, and therefore allows the rebuild.Any thoughts?Cheers
Br4tt3 Posted March 21, 2006 Posted March 21, 2006 A coupple of things u could do:1. Restrict the access to the .sif files for the image. If the end user performing the installation cant read the .sif file (read and exec), he or she will not be able to get the image displayed in the menu. So far so good...2. Restrict access for adding computers to the domain. Deafult for Win2003 domain, normal users can add users to the domain, if u restrict it, they wont. In other words, restrict it.3. Deafult when adding a computer to a AD enabled domain is that the computer account, is created in the CN=Builtin,DC=Company,DC=corp container. Restrict, so that machines cannot be created in that container. In that way, the only way to still add them is to have them prestaged into a more suitable container / OU.Best RegardsTha Sausage Eater...
RogueSpear Posted March 21, 2006 Posted March 21, 2006 By default any user can add ten (10) computers. Not sure how MS came up with this number..
AndrewParker Posted March 21, 2006 Author Posted March 21, 2006 Thanks for your help...I was logging into CIW as Domain Admin (2000 AD) to test it, it appears that you dont have to prestage PC's for Domain Admin, which makes sense...Logging in as a 'normal' Domain User produces an error if the PC hasn't been prestaged.So I guess its working correctly as a user cant start the install unless the PC is already in AD or has been prestaged.I've also restircted the SIF files and this works nicely...Cheers
Br4tt3 Posted March 22, 2006 Posted March 22, 2006 By default any user can add ten (10) computers. Not sure how MS came up with this number..hahahaha..... nice 1. I hope they scale that solution in the upcoming WDS to support at least 11 comp/user.Tha Sausage Eater...
RogueSpear Posted March 22, 2006 Posted March 22, 2006 Actually that little bit of trivia was from when I took all of the MCSE 2000 exams. I don't know it holds true with W2K3.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now