Disallow group policy actions on local computer joined to domain
Posted on 2014-01-02
Assuming we have a domain user account and the account is part of the local Administrators group, post joining a Windows 7 Ent desktop to a 2003 domain, there is a need to accomplish the following:
- Disallow creation / addition of any other service or individual domain users / groups via Domain Admins and related group policy settings within AD.
Can this be accomplished using local Windows firewall or group security policy settings to override domain administered policies?