Initially, an application we had required local admin rights. That requirement has been changed but we in I.T. are left with the headache that it leaves behind. We have around 200 PC's all with local admin rights. I have two questions:
#1) How can we change their local group membership via a group policy object (GPO)?
#2) If number one can't be done, how can we stop local admins from installing software?
Windows 2003 domain w/ active directory
50% Windows 2000
50% Windows XP
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller.
Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges.
Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …