Can I create a policy in DRA to prevent Assistant Admins from creating computer accounts with specia (NETIQKB11071)

  • 7711071
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
Can I create a policy in DRA to prevent Assistant Admins from creating computer accounts with special characters in the name?

fact
Directory and Resource Administrator 6.x

fix

Yes, the Policy and Automation feature in DRA can ensure that Assistant Admins are not able to create computer accounts with special charaters in the name. The following steps must be performed in order to setup such a policy:

  1. Launch the DRA MMC while logged in as an Assistant Admin with, at minimum, the Built-in Configuration role.
  2. Expand the Policy and automation management node.
  3. Highlight Automation Triggers and click New.
  4. Click Browse in the Associate to operation field.
  5. Select ComputerCreate and ComputerCopy and click click Add.
  6. Click OK.
  7. Select Pre-task in the Type of trigger field.
  8. Click Next.
  9. Click Next.
  10. Select Script iIn the File type field.
  11. Specify the full path anf the name of the script file in the DO file path field.  An example is C:\DRAScripts\PolStopComputer.vbs.
  12. Click Next.
  13. Click Next.
  14. Specify a name for this trigger in the Trigger name field.
  15. Click Finish.


note

A sample script called PolStopComputer.vbs is available on the DRA Knowledge Depot.  To download the script from the DRA Knowledge Depot, please use the following link:

This script can be modified to include additional special characters and objects as needed.



Additional Information

Formerly known as NETIQKB11071