Using WDS to Approve Devices

Q: I’m trying to use Windows Deployment Services (WDS) to approve devices, but I get an Access Denied error. What’s wrong?

A: To approve a device, WDS has to create a computer account in Active Directory (AD) in the Computers container. However, the WDS server doesn’t have permission to this container. To give WDS this permission, perform these steps:

1. Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in.
2. Right-click the container where the computer accounts are created (Computers by default) and select Delegate Control.
3. Click Next to the welcome screen of the Delegation of Control wizard.
4. You’ll be prompted for the user or group for whom to add permissions. Click Add.
5. Click the Object Types button, and select Computers.
6. In the selection dialog box, enter the name of the WDS server to which you want to give access permissions. Click Next.
7. Under the tasks to delegate, select Create a custom task to delegate.
8. Select the Only the following objects in the folder option and select the Computer objects type check box. Select the Create selected objects in this folder check box and click Next.
9. Under permissions, give the server Read and Write permissions and click Next.
10. Click Finish to grant the server access to the Computers container.