Solved

Local admin group policy challenge!

Posted on 2011-02-18
3
262 Views
Last Modified: 2012-06-27
I have a relatively small domain of 20 XP Pro workstations and 1 windows Server 2003 Standard DC.
Each user is a local admin because domain users are in the local admin group of each workstation. Is there a way to reverse this without going to each station? - the last couple of viruses have made us much more security aware. I want to turn users back to normal users to prevent software installations.
0
Comment
Question by:HardwareDude
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
Comment Utility
Great idea, you don't need them to be local admins.

You can use restricted groups to do this.  Florian has a great writeup   http://www.frickelsoft.net/blog/?p=13

So as you can see you can either wipe out what is there and start fresh or add/append to what is there.

in your case I'd start fresh and define what you want.

Get a feel for it by testing on your box or a test machine first.

Thanks

Mike
0
 
LVL 3

Expert Comment

by:andreibutu
Comment Utility
NET LOCALGROUP administrators UserName /delete

change UserName with required name & use this command in batch file.
0
 
LVL 42

Expert Comment

by:kevinhsieh
Comment Utility
Restricted groups is the better option because it enforces the setting through time as opposed to just making just a one time change.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now