Inappropriate user with Add Workstations to Domain privilege

Risk Level: High

Check or Attack Name: Add Workstation Privilege

Platforms: Windows NT

Description:

A user has been detected with the Add Workstations to Domain privilege. This right allows users to add computers to the domain database in Server Manager, and is normally only granted to Domain Administrators.

Remedy:

In Windows NT Workstation, check advanced user rights for Add workstations to domain. Remove any names that are disallowed by your security policy.

To audit and revoke this privilege, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. From the Policies menu, select User Rights to display the User Rights Policy dialog box.
  3. Select the Show Advanced User Rights check box.
  4. From the Right list, select Add workstations to domain.
  5. Verify this right is set in accordance with your security policy.
  6. To remove a user, select the user and click Remove.

—OR—

In Windows NT Server, check user rights for Add workstations to domain. Remove any names that are disallowed by your security policy.

To audit and revoke this privilege, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. From the Policies menu, select User Rights to display the User Rights Policy dialog box.
  3. From the Right list, select Add workstations to domain.
  4. Verify this right is set in accordance with your security policy.
  5. To remove a user, select the user and click Remove.
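
The same audit as a script, as an added example that is not part of the original advisory. It assumes the user rights were exported to a secedit-style INF file (a tool from later Windows versions, not the User Manager procedure above), that the right appears under its constant name SeMachineAccountPrivilege, and that policy allows only BUILTIN\Administrators and Domain Admins. The sample export and its domain SID are constructed.

```python
import re

RIGHT = "SeMachineAccountPrivilege"  # constant name for "Add workstations to domain"

# Constructed sample in secedit INF format; the domain SID and "jsmith" are made up.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeMachineAccountPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-512,*S-1-5-11,jsmith
[Version]
signature="$CHICAGO$"
"""

def holders(export_text, right=RIGHT):
    """Return the accounts/SIDs assigned `right` in the [Privilege Rights] section."""
    section = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and INF comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == right.lower():
            # SIDs are written with a leading '*'; unresolved names appear bare.
            return [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
    return []

def is_allowed(entry):
    # Assumed policy: BUILTIN\Administrators (S-1-5-32-544) and Domain Admins (RID 512) only.
    return entry == "S-1-5-32-544" or re.fullmatch(r"S-1-5-21-\d+-\d+-\d+-512", entry) is not None

def unexpected_holders(export_text):
    """Holders of the right that fall outside the assumed policy allowlist."""
    return [h for h in holders(export_text) if not is_allowed(h)]

if __name__ == "__main__":
    for h in unexpected_holders(SAMPLE_EXPORT):
        print("review:", h)
```

Real exports are typically UTF-16 encoded, so decode the file before passing its text to these functions.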

References:

Microsoft Knowledge Base Article Q139365, Capabilities of the "Add Workstations To Domain" Right, http://support.microsoft.com/support/kb/articles/q139/3/65.asp

