Local Users and Groups

I wold like to enable a group policy that only the follow X administrators will be added to the local machine administrator group and no user.  
I noticed the GPO - User Configuration - Local Users and Group - Admnistrators Built-n

attached. would be correct and add the members into the admin area.
Capture.GIF
shorisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph MoodyBlogger and wearer of all hats.Commented:
You will probably want to use Restricted groups.

http://www.frickelsoft.net/blog/?p=13
0
shorisAuthor Commented:
ok what about the policy I have uploaded, what does this do ? does it not disable any user account to be added to the Local Admin group on the workstation?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Joseph MoodyBlogger and wearer of all hats.Commented:
That would be a group policy preference - it is used to add users to groups and is normally placed in the computer configuration node.

Most people use restricted groups because they are more secure than preferences. They will undo changes made manually by an administrator (such as a staff member adding another staff member to the local admins group)
0
shorisAuthor Commented:
ok but in a nutshell the policy above would be still considered ok since we are making sure that users are not allowed in the Local Admin group but an Admin can add them in and that's ok I do want some flexibility.

Would that be correct?
0
Joseph MoodyBlogger and wearer of all hats.Commented:
I would put it on the computer side. preferences will work for what you want to do.
0
SandeshdubeySenior Server EngineerCommented:
Ensure that restricted group policy is configured correctly else it will not only add required members to local Administratiors, but it will remove any members that were in local Admins previously.You need to select the bottom box under "This Group is a member of," so it won't wipe out current members on all machines.http://www.frickelsoft.net/blog/?p=13
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.