enorman1
asked on
Windows 7 - remove users from local admin domain wide
Good morning experts and happy Thursday (Friday is alomst here!)
I have been given the project and time to plan and implemenet removal of 300 users from the local admin group on Windows 7 in a Windows 2008 domain. I have done some reading of posts here but haven't found anything truly applicable.
My goal is to leave my users with as much privilege as possible while removing local admin privileges. Can you offer some insight, direction, advice, details ?
I have been given the project and time to plan and implemenet removal of 300 users from the local admin group on Windows 7 in a Windows 2008 domain. I have done some reading of posts here but haven't found anything truly applicable.
My goal is to leave my users with as much privilege as possible while removing local admin privileges. Can you offer some insight, direction, advice, details ?
ASKER
Hey Mike.
Giving local admin privileges to our users has been a common practice since I've been here and one supported and endorsed. Now, the time has come to remove those privileges as a directive from above. The auditors have stepped in with this as a strong recommendation.
Using the link, will this remove users from the local admin group ? And, is there a choice as to what group to put them in ? I have much to learn specific to Windows 7 permissions and the application.
Giving local admin privileges to our users has been a common practice since I've been here and one supported and endorsed. Now, the time has come to remove those privileges as a directive from above. The auditors have stepped in with this as a strong recommendation.
Using the link, will this remove users from the local admin group ? And, is there a choice as to what group to put them in ? I have much to learn specific to Windows 7 permissions and the application.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Mike. You and the other experts are appreciated, as always !
Ed
Ed
You can use restricted groups to define your local admins
http://www.frickelsoft.net/blog/?p=13
Thanks
Mike