Solved

Creating a  restricted group  - group policy to remove users from local admin group and add to power users group

Posted on 2008-09-29
2
450 Views
Last Modified: 2012-08-13
Hello Everyone,

Most of my users who have xp and vista machines are local admins.  I want to implement a restricted group policy to remove them  from the local admin group and then add him/her to the local power users group.  
Does anyone have any documentation on how to do this?  Also,  Can I do this on a specific OU or group?

Thanks,

Bill
0
Comment
Question by:bjennings
2 Comments
 
LVL 5

Accepted Solution

by:
NutrientMS earned 500 total points
ID: 22599895
Hi Bill,

i'm not 100% sure how to use group policy to remove users from the local admins group, however to to the Power Users group in Group Policy you go to:

Computer Settings -> Windows Settings -> Security Settings -> Restricted Groups

From here you can set the Power Users group to have the YourDomain\Domain Users group as a member.  We use this to add all of our Domain Users to the Local Administrators group.

As this is a Computer Settings Policy, it needs to be applied to the OU that stores your computers and will apply to all the computers in the group.  If you only want to run it on some computers, you will need to split these out into their own OU and apply the policy to that one only.

Cheers.
0
 

Author Closing Comment

by:bjennings
ID: 31501300
Thanks..Worked Great!!  
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AD Migration / Upgrade 4 56
Trasfering FSMO roles 8 106
Windows Server 2003 Policy Preventing Updates 6 51
Big Problem with Redirected Folder 8 59
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question