Solved

Group Policy to remove Domain\Local Admin

Posted on 2011-09-23
6
233 Views
Last Modified: 2012-05-12
I am looking for a Group Policy to remove DomainName\Local Admin  from my workstations. Attached is a screen shot of the Local workstation, Computer Management, Local usere and groups, Administrators  with the Member I want to remove from my domain workstations.

Thank you  [
local-admins.jpg
0
Comment
Question by:Randy Madej
  • 3
  • 2
6 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36586499
Use within that GPO node named Restricted Groups. You can read more abot that in the Internet because it's inconvenient placing links on a mobile ;)

If you have at least one Win7/2008 you can use Group Policy Preferences for that, but firstly you need to install Client Side Extension on XP/ 2003 machine. I will post links a little bit later or you can google for that. Thanks

Regards,
Krzysztof
0
 

Author Comment

by:Randy Madej
ID: 36586555
The networi is most xp machines I have 4 Win 7 and all servers are 2003
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36586667
So, in my opinion it's better to use GPP. Instal CSE on each XP/2003 and create GPP on a 7 import to 2003 GPO and link to OU(s).

GPP information aboy that
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

CSE for XP
http://www.microsoft.com/download/en/details.aspx?id=3628

CSE for 2003
http://www.microsoft.com/download/en/details.aspx?id=6955

you can install that update from WSUS

If you don't want to use GPP, then use Restricted Groups
http://www.windowsecurity.com/articles/using-restricted-groups.html
http://technet.microsoft.com/pl-pl/library/cc756802%28WS.10%29.aspx

Krzysztof
Krzysztof
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 23

Expert Comment

by:Stelian Stan
ID: 36586687
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36586717
Nope, this link from Mike's blog is for filtering GPO appliance :) He needs to restrict membership of local Administrators group on a server/PC :]

Krzysztof
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 36586734
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question