asked on

Windows 7 - remove users from local admin domain wide

Good morning experts and happy Thursday (Friday is alomst here!)

I have been given the project and time to plan and implemenet removal of 300 users from the local admin group on Windows 7 in a Windows 2008 domain. I have done some reading of posts here but haven't found anything truly applicable.

My goal is to leave my users with as much privilege as possible while removing local admin privileges. Can you offer some insight, direction, advice, details ?

Mike Kline

So the first thing is why do they have local admin rights to begin with? I'm not saying that as a bad thing. I have worked for several IT consulting companies where we have had local admin rights on our laptops because we needed to install programs, make customizations etc.

You can use restricted groups to define your local admins

http://www.frickelsoft.net/blog/?p=13

Thanks

Mike

enorman1

ASKER

Hey Mike.

Giving local admin privileges to our users has been a common practice since I've been here and one supported and endorsed. Now, the time has come to remove those privileges as a directive from above. The auditors have stepped in with this as a strong recommendation.

Using the link, will this remove users from the local admin group ? And, is there a choice as to what group to put them in ? I have much to learn specific to Windows 7 permissions and the application.

ASKER CERTIFIED SOLUTION

Mike Kline

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

enorman1

ASKER

Thanks Mike. You and the other experts are appreciated, as always !

Ed