Support for Security Option: "Domain controller: Allow computer account re-use during domain join" #192

Open
heinejeppesen opened this issue Jan 22, 2024 · 0 comments

Hi,

It would be great if the SecurityOption resource supported .
This was added/enforced in late 2023 to harden domain join.

https://support.microsoft.com/en-au/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8

From the "Take Action" headline in the above article:

  1. Under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, double-click Domain controller: Allow computer account re-use during domain join.

  2. Select Define this policy setting and <Edit Security…>.

  3. Use the object picker to add users or groups of trusted computer account creators and owners to the Allow permission. (As a best practice, we highly recommend that you use groups for permissions.) Do not add the user account that performs the domain join.

When building environments through pipelines and DSC (from DC and up to servers/clients), this is much needed to allow reinstallation of individual servers/clients.
