Solved

Automated removal of users from Local Admins Group?

Posted on 2004-04-27
4
129 Views
Last Modified: 2010-04-13
Hey folks,

I'm looking to set up something and automate it through GPO or login script.  What I want to do is remove all individual users from the local admins group on workstations through the domain and add one or two groups to the local admins.

If there was a way to make sure it only happened on 2KPro and XP machines as opposed to servers that would help too.  Any ideas?

Thanks in advance!

- Chris
0
Comment
Question by:cbarbere
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 41

Accepted Solution

by:
graye earned 50 total points
ID: 10935394
Rather than do this thru a GPO or login script directly... there is another way.

Take a look at the "Restricted Groups" sections of a Domain Security Policy.  It will allow you to "lock down" a group to only those folks that you want.  

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/611.asp

BTW: Like a lot of GPO-related things, users are free to add/delete members of that group, but on next reboot (or next application of the Security Policy) everything will be converted back to the way you want it.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question