Initially, an application we had required local admin rights. That requirement has been changed but we in I.T. are left with the headache that it leaves behind. We have around 200 PC's all with local admin rights. I have two questions:
#1) How can we change their local group membership via a group policy object (GPO)?
#2) If number one can't be done, how can we stop local admins from installing software?
Windows 2003 domain w/ active directory
50% Windows 2000
50% Windows XP
Appreciate any ideas or thoughts!