Users can create their own machine accounts (Low security) - For this option, modify the security on the container that will hold the new MAOs to include an Access Control Entry (ACE) for the user (or group) allowing the Create All Child Objects permission. The creator of this object becomes the owner, giving the creator full control of this object only. This option allows the user to reinstall, if required, without administrator assistance.
I forgot a couple items. First, I need to install RIS with Enterprise Admin rights. Since we have 2 domains (root and primary) I needed to give administrative rights on the RIS server to the correct root\account.
My second issue is documented above. Instead of requiring "Domain Admin" rights, we decided to create a domain group of "RIS Operators" which had permissions to perform a RIS installation. To do that, I needed to run ADSI edit from a domain controller, go to properties of the RIS computer and then the security tab. Give the Self object "create all child objects" and "delete all child objects" permissions.
I almost remember reading about this permission but had forgotten it and couldn't find it again on Microsoft's website.
What OS and SP? Are you getting other binl event IDs, like 7000, 1047 and
Did you successfully complete risetup?
It could be permissions-related. The computer account of Self has to be
the Create All Child object access on the computer object of the Ris Server