By default Windows Server 2003 and upwards allows any authenticated user of a domain to add up to 10 machines without elevated user privileges to a domain, that is users who are not members of any elevated security groups such as domain admins or account operator groups. Because computer objects are security principals it is extremely problematic where security is concerned, if a user were to add a computer to the domain they would be able to manage the [...]