Generally, a computer is deployed to a specific user and that individuals network account is added to the users group on the computer. On occasion that account may have been added to the administrators group during set up and not moved back to the users group prior to deployment.
Is there are way to move users from the administrators group to the users group using group policy on their respective computers?
In the past I was able to add the Domain Admin account to each computer's administrators group using the Restricted Groups node, on a domain wide group policy. Is the process similiar to this? I am worried that I will create a local account for all users on all computers.