A. If you've prestaged a client machine for RIS, you must enter a domain account at the start of the RIS process. However, the user at the client machine won't need to have the rights to add computers to the domain because the computer account has been created in advance; instead, the user needs only the ability to read the computer account and the ability to reset the account password. To verify or add these settings, perform the following steps:

  1. Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (go to Start, Programs, Administrative Tools, then click Active Directory Users and Computers).
  2. Open the View menu and select Advanced Features to select the Advanced view.
  3. Right-click the prestaged computer account, then select Properties from the context menu.
  4. Select the Security tab, then click Add.
  5. Select the user, or a group that the user belongs to, who will be entering his or her log on information at the start of the RIS process, then click OK.
  6. Select the user or group that you added in Step 5 and verify that the user or group has read and reset password permissions; if not, select the Allow check box under the read permission and select the Allow check box under the reset password permission.
  7. Click OK.