Solved

Group Policy to remove Domain\Local Admin

Posted on 2011-09-23
6
234 Views
Last Modified: 2012-05-12
I am looking for a Group Policy to remove DomainName\Local Admin  from my workstations. Attached is a screen shot of the Local workstation, Computer Management, Local usere and groups, Administrators  with the Member I want to remove from my domain workstations.

Thank you  [
local-admins.jpg
0
Comment
Question by:Randy Madej
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36586499
Use within that GPO node named Restricted Groups. You can read more abot that in the Internet because it's inconvenient placing links on a mobile ;)

If you have at least one Win7/2008 you can use Group Policy Preferences for that, but firstly you need to install Client Side Extension on XP/ 2003 machine. I will post links a little bit later or you can google for that. Thanks

Regards,
Krzysztof
0
 

Author Comment

by:Randy Madej
ID: 36586555
The networi is most xp machines I have 4 Win 7 and all servers are 2003
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36586667
So, in my opinion it's better to use GPP. Instal CSE on each XP/2003 and create GPP on a 7 import to 2003 GPO and link to OU(s).

GPP information aboy that
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

CSE for XP
http://www.microsoft.com/download/en/details.aspx?id=3628

CSE for 2003
http://www.microsoft.com/download/en/details.aspx?id=6955

you can install that update from WSUS

If you don't want to use GPP, then use Restricted Groups
http://www.windowsecurity.com/articles/using-restricted-groups.html
http://technet.microsoft.com/pl-pl/library/cc756802%28WS.10%29.aspx

Krzysztof
Krzysztof
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 23

Expert Comment

by:Stelian Stan
ID: 36586687
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36586717
Nope, this link from Mike's blog is for filtering GPO appliance :) He needs to restrict membership of local Administrators group on a server/PC :]

Krzysztof
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 36586734
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question