Local admin group policy challenge!

I have a relatively small domain of 20 XP Pro workstations and 1 windows Server 2003 Standard DC.
Each user is a local admin because domain users are in the local admin group of each workstation. Is there a way to reverse this without going to each station? - the last couple of viruses have made us much more security aware. I want to turn users back to normal users to prevent software installations.
HardwareDudeAsked:
Who is Participating?
 
Mike KlineConnect With a Mentor Commented:
Great idea, you don't need them to be local admins.

You can use restricted groups to do this.  Florian has a great writeup   http://www.frickelsoft.net/blog/?p=13

So as you can see you can either wipe out what is there and start fresh or add/append to what is there.

in your case I'd start fresh and define what you want.

Get a feel for it by testing on your box or a test machine first.

Thanks

Mike
0
 
andreibutuCommented:
NET LOCALGROUP administrators UserName /delete

change UserName with required name & use this command in batch file.
0
 
kevinhsiehCommented:
Restricted groups is the better option because it enforces the setting through time as opposed to just making just a one time change.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.