Solved

Is there a way to move users from the administrator group to the users group using group policy?

Posted on 2012-04-03
6
237 Views
Last Modified: 2012-04-03
Generally, a computer is deployed to a specific user and that individuals network account is added to the users group on the computer.  On occasion that account may have been added to the administrators group during set up and not moved back to the users group prior to deployment.  

Is there are way to move users from the administrators group to the users group using group policy on their respective computers?

In the past I was able to add the Domain Admin account to each computer's administrators group using the Restricted Groups node, on a domain wide group policy.  Is the process similiar to this?  I am worried that I will create a local account for all users on all computers.
0
Comment
Question by:LenCepeda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 9

Accepted Solution

by:
Geodash earned 250 total points
ID: 37803251
Sounds like you want to use restricted groups.

Take a look at this...

http://www.petri.co.il/forums/showthread.php?t=25515


computer configuration \ windows settings \ restricted groups

group = your group to be made local admins
member of = BUILTIN\Administrators
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 125 total points
ID: 37803255
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 250 total points
ID: 37803256
Here is another good article talking about it...

http://www.pcreview.co.uk/forums/adding-group-user-local-admins-group-all-workstations-t3490156.html

although this one seems to explain the best -

http://www.frickelsoft.net/blog/?p=13
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Assisted Solution

by:Deepu Chowdary
Deepu Chowdary earned 125 total points
ID: 37803262
yes, u can do that using the restricted groups feature in a GPO , use the MEMBERS option.

Check this

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37803267
not sure how a forum discussion is considered an article
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37803274
I am sorry, I am unable to edit now because of your post. Should I retract my posting because I called it an "article" instead of a "discussion"?
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In-place Upgrading Dirsync to Azure AD Connect
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question