• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 134
  • Last Modified:

Automated removal of users from Local Admins Group?

Hey folks,

I'm looking to set up something and automate it through GPO or login script.  What I want to do is remove all individual users from the local admins group on workstations through the domain and add one or two groups to the local admins.

If there was a way to make sure it only happened on 2KPro and XP machines as opposed to servers that would help too.  Any ideas?

Thanks in advance!

- Chris
0
cbarbere
Asked:
cbarbere
1 Solution
 
grayeCommented:
Rather than do this thru a GPO or login script directly... there is another way.

Take a look at the "Restricted Groups" sections of a Domain Security Policy.  It will allow you to "lock down" a group to only those folks that you want.  

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/611.asp

BTW: Like a lot of GPO-related things, users are free to add/delete members of that group, but on next reboot (or next application of the Security Policy) everything will be converted back to the way you want it.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now