I have a forest with over 700 computers. The workstations have overtime had various local administrator groups and user added.
I used the restricted groups in Windows Computer Settings in the Group Policy editor and applied it to everybody in the forest.
I selected BUILTIN/ADMINISTRATORS and added ADMINISTRATOR and DOMAIN ADMINS to be the only local administrators.
That worked a treat. All the weird accounts were remove from the domain workstations and just Administrator and Domain Admins remain.
The problem is, I need to add 5 users to be allowed local administrator rights. But if I add them on the local machine, the group policy overides them.
How can I make exceptions to the Restrcited Groups policy?
Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.