Solved

Is there a way to move users from the administrator group to the users group using group policy?

Posted on 2012-04-03
6
232 Views
Last Modified: 2012-04-03
Generally, a computer is deployed to a specific user and that individuals network account is added to the users group on the computer.  On occasion that account may have been added to the administrators group during set up and not moved back to the users group prior to deployment.  

Is there are way to move users from the administrators group to the users group using group policy on their respective computers?

In the past I was able to add the Domain Admin account to each computer's administrators group using the Restricted Groups node, on a domain wide group policy.  Is the process similiar to this?  I am worried that I will create a local account for all users on all computers.
0
Comment
Question by:LenCepeda
  • 3
  • 2
6 Comments
 
LVL 9

Accepted Solution

by:
Geodash earned 250 total points
ID: 37803251
Sounds like you want to use restricted groups.

Take a look at this...

http://www.petri.co.il/forums/showthread.php?t=25515


computer configuration \ windows settings \ restricted groups

group = your group to be made local admins
member of = BUILTIN\Administrators
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 125 total points
ID: 37803255
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 250 total points
ID: 37803256
Here is another good article talking about it...

http://www.pcreview.co.uk/forums/adding-group-user-local-admins-group-all-workstations-t3490156.html

although this one seems to explain the best -

http://www.frickelsoft.net/blog/?p=13
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 12

Assisted Solution

by:Deepu Chowdary
Deepu Chowdary earned 125 total points
ID: 37803262
yes, u can do that using the restricted groups feature in a GPO , use the MEMBERS option.

Check this

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 37803267
not sure how a forum discussion is considered an article
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37803274
I am sorry, I am unable to edit now because of your post. Should I retract my posting because I called it an "article" instead of a "discussion"?
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now