By default, when we create a user in Active Directory, he will be able to joing maximum of ten (10) machines to domain. So in order to refuse this kind of rights, we have just to modify "Add workstations to domain" properties in "Default Domain Policy" then check "Define these policy settings" and finally click "Add user and Group" to add objects (users and/or Groups) who will have the right to joing machines to domain.
The parameter is located in : "Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment"
The parameter is located in : "Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment"
