[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 215
  • Last Modified:

Automated Way to Remove Domain Users from Administrators Group

I have a LAN where all the workstations (Windows 7 and XP) have Domain Users added to the Local Administrators group. Is there and automated way to remove Domain User from the local Administrators group i.e. with a Net command I can put in the login script?
0
LockDown32
Asked:
LockDown32
2 Solutions
 
David Johnson, CD, MVPOwnerCommented:
net localgroup administrators %username% /delete
0
 
lruiz52Commented:
Or you can configure "Restricted Groups" in a GPO.

When you set this policy, it will overwrite any existing local group members, you dictate who the members are.

You will find this in Computer Configuration\Security Settings\Restricted Groups.

Modify the GPO to include the groups you want to be effective You will need to include the Local Administrator Account also,  This will REPLACE any current groups that exist on the machine and without specifying an Local Administrator account in the GPO, you may lock yourself out of the computer!

For a how to check the link below;
http://windowsmatters.com/2011/09/16/how-to-use-restricted-groups

Hope this helps!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now