Never been super knowledgable about creating network policies, or enforcing policies automagically; but I remember working desktop support for a company that automatically removed users from the local administrator group.
As many desktop techs are familar with, users are typically put in the local administrator groups to facilitate software installs/configurations etc.
Does any network engineers/desktop engineers know the best way to make sure that user logins are removed from the computer's local administrator group by setting up an automated check on login or whenever group policies are checked on the computer?
Just want to pass this info on to the engineers here at work where they are asking us to remember to remove everyone from the local Administrator Group and place them in the Power Users Group manually.
Thanks a ton for your help on this.