group policy prevent local admin change ip

Windows 2012 R2
Is there any way to prevent local administrator of a member in a domain server to change IP in Group Policy? The local Administrator isnt memeber of any domain admins group.
per-wAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dhoffman_98Commented:
The only way would be to override the members of the local administrators group, and assuming your local administrator is in the group, it would remove them.

However, that's a terrible idea. You need to keep your local administrator account secure, and keep it a member of the group... for no other reason than worst case scenarios where you can't access the machine from the domain account.

Perhaps you might want to reconsider who has the local administrator credentials, and remove them... preserving access to your local administrator accounts only for emergency purposes.
0
per-wAuthor Commented:
But what do you do if you have a teminal server for someone and the programs they run need that the user is local admin? I know i could make a new group and find out what permission they need, but the only answer i got is that it need to be local admin (it have something to do with dcom)
0
dhoffman_98Commented:
Well, the first answer is that the application that requires that is poorly written. But not that you can do anything about that.

And the second answer is that there is no way with a group policy to prevent a local administrator from being able to change an IP address on a machine, without removing them from the local administrators group... which would then defeat the needs of your application.

Do you often have people logging into a server and then just randomly changing its IP Address?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.