[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 318
  • Last Modified:

Server 2008 Local Admin group policy

Is it possible to use group policy on server 2008 to check if someone is a local admin on the PC their logging onto and if they are, remove them?

Regards

James
0
GarveyJ
Asked:
GarveyJ
  • 2
3 Solutions
 
Will SzymkowskiSenior Solution ArchitectCommented:
I do not believe that there is a specific setting/s in group policy to accomplish this. You can however create a script using powershell that can be performed on a single computer.

Although there is no real good way to accomplish this via group policy setting, if you have created the poweshell script successfully you could use grou policy to distribute this to machines as a script.

Creating Powershell Script - http://social.technet.microsoft.com/Forums/en-US/winserverManagement/thread/57dce472-0c20-4794-ad2e-e7ad999a2c32

Adding Powershell script to Group Policy - http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/14/weekend-scripter-using-group-policy-to-deploy-a-windows-powershell-logon-script.aspx

Hope this helps!
0
 
GarveyJAuthor Commented:
I see an option in group policy manager to "remove all members" and add members, could i not remove all members and just add "domain admins" into it?

I don't want any user to have admin access locally unless they are an admin on the domain
0
 
Seaton007Commented:
That should work.
0
 
GarveyJAuthor Commented:
problem is now fixed using advice
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now