Automated removal of users from Local Admins Group?

Hey folks,

I'm looking to set up something and automate it through GPO or login script.  What I want to do is remove all individual users from the local admins group on workstations through the domain and add one or two groups to the local admins.

If there was a way to make sure it only happened on 2KPro and XP machines as opposed to servers that would help too.  Any ideas?

Thanks in advance!

- Chris
cbarbereAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
grayeConnect With a Mentor Commented:
Rather than do this thru a GPO or login script directly... there is another way.

Take a look at the "Restricted Groups" sections of a Domain Security Policy.  It will allow you to "lock down" a group to only those folks that you want.  

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/611.asp

BTW: Like a lot of GPO-related things, users are free to add/delete members of that group, but on next reboot (or next application of the Security Policy) everything will be converted back to the way you want it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.