Solved

Is there a way to move users from the administrator group to the users group using group policy?

Posted on 2012-04-03
6
234 Views
Last Modified: 2012-04-03
Generally, a computer is deployed to a specific user and that individuals network account is added to the users group on the computer.  On occasion that account may have been added to the administrators group during set up and not moved back to the users group prior to deployment.  

Is there are way to move users from the administrators group to the users group using group policy on their respective computers?

In the past I was able to add the Domain Admin account to each computer's administrators group using the Restricted Groups node, on a domain wide group policy.  Is the process similiar to this?  I am worried that I will create a local account for all users on all computers.
0
Comment
Question by:LenCepeda
  • 3
  • 2
6 Comments
 
LVL 9

Accepted Solution

by:
Geodash earned 250 total points
ID: 37803251
Sounds like you want to use restricted groups.

Take a look at this...

http://www.petri.co.il/forums/showthread.php?t=25515


computer configuration \ windows settings \ restricted groups

group = your group to be made local admins
member of = BUILTIN\Administrators
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 125 total points
ID: 37803255
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 250 total points
ID: 37803256
Here is another good article talking about it...

http://www.pcreview.co.uk/forums/adding-group-user-local-admins-group-all-workstations-t3490156.html

although this one seems to explain the best -

http://www.frickelsoft.net/blog/?p=13
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 12

Assisted Solution

by:Deepu Chowdary
Deepu Chowdary earned 125 total points
ID: 37803262
yes, u can do that using the restricted groups feature in a GPO , use the MEMBERS option.

Check this

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37803267
not sure how a forum discussion is considered an article
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37803274
I am sorry, I am unable to edit now because of your post. Should I retract my posting because I called it an "article" instead of a "discussion"?
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now