Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Creating a  restricted group  - group policy to remove users from local admin group and add to power users group

Posted on 2008-09-29
2
Medium Priority
?
455 Views
Last Modified: 2012-08-13
Hello Everyone,

Most of my users who have xp and vista machines are local admins.  I want to implement a restricted group policy to remove them  from the local admin group and then add him/her to the local power users group.  
Does anyone have any documentation on how to do this?  Also,  Can I do this on a specific OU or group?

Thanks,

Bill
0
Comment
Question by:bjennings
2 Comments
 
LVL 5

Accepted Solution

by:
NutrientMS earned 2000 total points
ID: 22599895
Hi Bill,

i'm not 100% sure how to use group policy to remove users from the local admins group, however to to the Power Users group in Group Policy you go to:

Computer Settings -> Windows Settings -> Security Settings -> Restricted Groups

From here you can set the Power Users group to have the YourDomain\Domain Users group as a member.  We use this to add all of our Domain Users to the Local Administrators group.

As this is a Computer Settings Policy, it needs to be applied to the OU that stores your computers and will apply to all the computers in the group.  If you only want to run it on some computers, you will need to split these out into their own OU and apply the policy to that one only.

Cheers.
0
 

Author Closing Comment

by:bjennings
ID: 31501300
Thanks..Worked Great!!  
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question