Creating a restricted group - group policy to remove users from local admin group and add to power users group

Hello Everyone,

Most of my users who have xp and vista machines are local admins.  I want to implement a restricted group policy to remove them  from the local admin group and then add him/her to the local power users group.  
Does anyone have any documentation on how to do this?  Also,  Can I do this on a specific OU or group?

Thanks,

Bill
bjenningsAsked:
Who is Participating?
 
NutrientMSConnect With a Mentor Commented:
Hi Bill,

i'm not 100% sure how to use group policy to remove users from the local admins group, however to to the Power Users group in Group Policy you go to:

Computer Settings -> Windows Settings -> Security Settings -> Restricted Groups

From here you can set the Power Users group to have the YourDomain\Domain Users group as a member.  We use this to add all of our Domain Users to the Local Administrators group.

As this is a Computer Settings Policy, it needs to be applied to the OU that stores your computers and will apply to all the computers in the group.  If you only want to run it on some computers, you will need to split these out into their own OU and apply the policy to that one only.

Cheers.
0
 
bjenningsAuthor Commented:
Thanks..Worked Great!!  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.