Automated Way to Remove Domain Users from Administrators Group

I have a LAN where all the workstations (Windows 7 and XP) have Domain Users added to the Local Administrators group. Is there and automated way to remove Domain User from the local Administrators group i.e. with a Net command I can put in the login script?
LVL 15
LockDown32OwnerAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
David Johnson, CD, MVPConnect With a Mentor OwnerCommented:
net localgroup administrators %username% /delete
0
 
lruiz52Connect With a Mentor Commented:
Or you can configure "Restricted Groups" in a GPO.

When you set this policy, it will overwrite any existing local group members, you dictate who the members are.

You will find this in Computer Configuration\Security Settings\Restricted Groups.

Modify the GPO to include the groups you want to be effective You will need to include the Local Administrator Account also,  This will REPLACE any current groups that exist on the machine and without specifying an Local Administrator account in the GPO, you may lock yourself out of the computer!

For a how to check the link below;
http://windowsmatters.com/2011/09/16/how-to-use-restricted-groups

Hope this helps!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.