Add workstations to domain (Windows)

Module: Account Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008

This check reports accounts with rights to add workstations to a domain. When this right is assigned to an account in the domain controller security policy, the account can add as many as 10 workstations to the domain. Do not grant this user right unless absolutely required. You can use the name list to exclude or include users or security groups that are not already excluded or included by the Users to check option.

The following table lists the error message for the check.

Table: Error message for Add workstations to domain

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESM_ADD_WORKSTATION Category: Policy Compliance	Windows 2000 (105932) Windows 2003 (205932) Windows 2008 (248932)	Title: Add workstations to domain Description:The reported user or security group has the right to add workstations to a domain. If the right is authorized, edit the check's name list. If the right is not authorized, use the Correct feature to revoke it.	Severity: yellow-1 Correctable: true Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_ADD_WORKSTATION

Category: Policy Compliance

Windows 2000 (105932)
Windows 2003 (205932)
Windows 2008 (248932)

Title: Add workstations to domain

Description:The reported user or security group has the right to add workstations to a domain. If the right is authorized, edit the check's name list. If the right is not authorized, use the Correct feature to revoke it.

Severity: yellow-1

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]