Solved

Group Policy to remove Domain\Local Admin

Posted on 2011-09-23
6
228 Views
Last Modified: 2012-05-12
I am looking for a Group Policy to remove DomainName\Local Admin  from my workstations. Attached is a screen shot of the Local workstation, Computer Management, Local usere and groups, Administrators  with the Member I want to remove from my domain workstations.

Thank you  [
local-admins.jpg
0
Comment
Question by:Randy Madej
  • 3
  • 2
6 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36586499
Use within that GPO node named Restricted Groups. You can read more abot that in the Internet because it's inconvenient placing links on a mobile ;)

If you have at least one Win7/2008 you can use Group Policy Preferences for that, but firstly you need to install Client Side Extension on XP/ 2003 machine. I will post links a little bit later or you can google for that. Thanks

Regards,
Krzysztof
0
 

Author Comment

by:Randy Madej
ID: 36586555
The networi is most xp machines I have 4 Win 7 and all servers are 2003
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36586667
So, in my opinion it's better to use GPP. Instal CSE on each XP/2003 and create GPP on a 7 import to 2003 GPO and link to OU(s).

GPP information aboy that
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

CSE for XP
http://www.microsoft.com/download/en/details.aspx?id=3628

CSE for 2003
http://www.microsoft.com/download/en/details.aspx?id=6955

you can install that update from WSUS

If you don't want to use GPP, then use Restricted Groups
http://www.windowsecurity.com/articles/using-restricted-groups.html
http://technet.microsoft.com/pl-pl/library/cc756802%28WS.10%29.aspx

Krzysztof
Krzysztof
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 23

Expert Comment

by:Stelian Stan
ID: 36586687
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36586717
Nope, this link from Mike's blog is for filtering GPO appliance :) He needs to restrict membership of local Administrators group on a server/PC :]

Krzysztof
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 36586734
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Learn about cloud computing and its benefits for small business owners.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now