Group Policy: Add workstations to domain

Group Policy: Add workstations to domain

As I understood it, Microsoft was supposed to make Windows Server 2012 R2 more secure. I recently installed a Windows 2012 R2 Domain Controller and discovered that the Group Policy setting was set to allow any user to join a PC to the domain. To me that is a major security problem. 

To change the users that are allowed to Join PC's to the domain, open up the Group Policy Management Console. 

Default Domain Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies / User Rights Assignment > Add workstations to domain. 

Select the AD security group that you would like to give permissions for those users to join PC's to the domain.