Solved

Is there a way to remove and/or create local user accounts through gpo?

Posted on 2014-09-27
3
1,493 Views
Last Modified: 2014-10-09
Is there any way to remove or add Local User accounts using your domain's group policy?

I have a bunch of local admin accounts on the network that I would love to delete without doing them one by one as they have no password protection.

Also, I would love to create new ones through GPO as well.
0
Comment
Question by:MJCS
3 Comments
 
LVL 12

Expert Comment

by:Steven Wells
Comment Utility
you can use restricted group memberships policy.
This will remove any user account from the administrators group. You can't create or delete accounts via Gpo, but you can control access to wha those accounts can do.
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
Comment Utility
It can be done by running a computer account GPO to run a login script.  Below are sample commands:

net user /add jim.smith P@$$w0rd1  (create user jim.smith with password of P@$$w0rd1)
net localgroup administrator jim.smith /add  (add jim.smith to local administrators groups)
net localgroup administrators domain1\user1 (add user1 from domain1 to local administrators group)
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
Comment Utility
Both create and delete are administrative operations and cannot be done by a login script. Use a startup script to delete those accounts.
Net user /delete accountname
As for creating, there are many ways, but some of them should be avoided as they put your whole domain in danger. Don't use a startup script using plain text passwords...the risk is, that those get read out and your machines get owned.
There used to be a way through GPO, but Microsoft has recently closed that road after admitting how dangerous it was. They advise you to use this https://support2.microsoft.com/kb/2962486?wa=wsignin1.0 ->look at the workaround paragraph.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now