• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 342
  • Last Modified:

Can I remove end users admin rights through group policy

I have users in my domain, who in the past enjoyed local admin rights on their PCs and laptops, this was more a political than technical choice. I would like to be able to use group policy to prevent or remove local admin rights on their machines. Does anyone know how this can be done?
1 Solution
if those are domain users simply from my computer management console access the required machine change the admin password or if the domain user is part of local admin the remove that as well...
You could enforce a Restricted Group policy:



You should offcourse test this in a small scale to start with.


Brian PiercePhotographerCommented:
You can do this by using a restricted group. if you do this then it it can be used to force certian users (such as domain admins) into the Local Admins group and at the sdame time remove other users.
For example:

At the Domain, create and link a group policy that configures Domain Admin as a Restricted Group and under the option "This group is a member of...", add "Administrators" (local administrators)

Run gpupate/force to update the policy

See http://support.microsoft.com/kb/810076
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now