Need to revoke local admin rights for all users - domain-wide using GPO.

Currently users have local admin rights and this is no longer necessary.  What's the best and easiest method to change a current user who's a local admin to a regular user.  Thanks.
LVL 1
LB1234Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Walter PadrónConnect With a Mentor Commented:
Open the Group Policy Management console and create a new GPO

Under Computer configuration > Windows Settings > Security Settings > Restricted Groups add the local  Administrators group, if you setup the "Members of this group " portion of the policy, it will remove anything else that is listed locally. It will only apply the group that is in your policy.

** Make sure to get the "Domain Admins" group added and the policy added to computers OU

Best regards
0
 
Rob StoneConnect With a Mentor Commented:
Another method is to use GPP which offers more flexibility.  This post offers a really good overview of how you can use it to dynamically assign users local admin with item-targeting or by using AD Groups.

http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
0
All Courses

From novice to tech pro — start learning today.