Q: I’m trying to use Windows
Deployment Services (WDS)
to approve devices, but I get an
Access Denied error. What’s wrong?
A: To approve a device, WDS has to
create a computer account in Active
Directory (AD) in the Computers
container. However, the WDS server
doesn’t have permission to this container.
To give WDS this permission,
perform these steps:
1. Start the Microsoft Management
Console (MMC) Active
Directory Users and Computers
snap-in.
2. Right-click the container where
the computer accounts are created
(Computers by default) and select
Delegate Control.
3. Click Next to the welcome
screen of the Delegation of Control
wizard.
4. You’ll be prompted for the user
or group for whom to add permissions.
Click Add.
5. Click the Object Types button,
and select Computers.
6. In the selection dialog box,
enter the name of the WDS server to
which you want to give access permissions.
Click Next.
7. Under the tasks to delegate,
select Create a custom task to
delegate.
8. Select the Only the following
objects in the folder option and select
the Computer objects type check
box. Select the Create selected objects
in this folder check box and click
Next.
9. Under permissions, give the
server Read and Write permissions
and click Next.
10. Click Finish to grant the server
access to the Computers container.