Server 2008 Local Admin group policy

Posted on 2012-08-29
Last Modified: 2012-10-29
Is it possible to use group policy on server 2008 to check if someone is a local admin on the PC their logging onto and if they are, remove them?


Question by:GarveyJ
    LVL 53

    Accepted Solution

    I do not believe that there is a specific setting/s in group policy to accomplish this. You can however create a script using powershell that can be performed on a single computer.

    Although there is no real good way to accomplish this via group policy setting, if you have created the poweshell script successfully you could use grou policy to distribute this to machines as a script.

    Creating Powershell Script -

    Adding Powershell script to Group Policy -

    Hope this helps!
    LVL 1

    Assisted Solution

    I see an option in group policy manager to "remove all members" and add members, could i not remove all members and just add "domain admins" into it?

    I don't want any user to have admin access locally unless they are an admin on the domain
    LVL 12

    Assisted Solution

    That should work.
    LVL 1

    Author Closing Comment

    problem is now fixed using advice

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now