Solved

Need to revoke local admin rights for all users - domain-wide using GPO.

Posted on 2014-12-02
Last Modified: 2015-01-02
Currently users have local admin rights and this is no longer necessary. What's the best and easiest method to change a current user who's a local admin to a regular user? Thanks.
Question by:LB1234
2 Comments
 
LVL 10

Accepted Solution

by:
Walter Padrón earned 750 total points
ID: 40476904
Open the Group Policy Management console and create a new GPO.

Under Computer configuration > Windows Settings > Security Settings > Restricted Groups, add the local Administrators group. If you set up the "Members of this group" portion of the policy, it will remove anything else that is listed locally. It will only apply the group that is in your policy.

** Make sure to get the "Domain Admins" group added and the policy added to the computers OU.

Best regards
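
The replace-everything behaviour of "Members of this group" described in the answer above, as an added example that is not part of the original thread: a PowerShell preview of which local Administrators members would be kept, removed or added once the policy applies. The function name `Get-RestrictedGroupPreview`, the `CONTOSO` domain, the `PC01` computer, the `Helpdesk Admins` group and the SIDs are assumptions made up for illustration.

```powershell
# Added example (not from the thread): preview the effect of a Restricted Groups
# "Members of this group" setting on the local Administrators group.
function Get-RestrictedGroupPreview {
    param(
        # Objects with Name, SID and PrincipalSource, e.g. from Get-LocalGroupMember
        [Parameter(Mandatory)] [object[]] $CurrentMembers,
        # Names typed into the GPO's "Members of this group" box.
        # Assumption: you keep this list identical to the GPO yourself.
        [Parameter(Mandatory)] [string[]] $PolicyMembers
    )
    foreach ($m in $CurrentMembers) {
        # The built-in local Administrator (RID 500) cannot be removed from the
        # Administrators group, so it survives even when it is not listed.
        # PrincipalSource is only populated on Windows 10 / Server 2016 and later.
        $isBuiltIn = ($m.PrincipalSource -eq 'Local') -and ("$($m.SID)" -like '*-500')
        $result = if ($PolicyMembers -contains $m.Name) { 'Kept' }
                  elseif ($isBuiltIn) { 'Kept (built-in)' }
                  else { 'Removed' }
        [pscustomobject]@{ Member = $m.Name; AfterPolicy = $result }
    }
    # Anything listed in the policy but not yet present gets added
    foreach ($p in $PolicyMembers) {
        if ($CurrentMembers.Name -notcontains $p) {
            [pscustomobject]@{ Member = $p; AfterPolicy = 'Added' }
        }
    }
}

# Constructed sample data (names and SIDs are made up) so the logic runs offline
$sample = @(
    [pscustomobject]@{ Name = 'PC01\Administrator';    PrincipalSource = 'Local'
                       SID  = 'S-1-5-21-1000000001-1000000002-1000000003-500' }
    [pscustomobject]@{ Name = 'CONTOSO\Domain Admins'; PrincipalSource = 'ActiveDirectory'
                       SID  = 'S-1-5-21-2000000001-2000000002-2000000003-512' }
    [pscustomobject]@{ Name = 'CONTOSO\jsmith';        PrincipalSource = 'ActiveDirectory'
                       SID  = 'S-1-5-21-2000000001-2000000002-2000000003-1104' }
)
Get-RestrictedGroupPreview -CurrentMembers $sample `
    -PolicyMembers 'CONTOSO\Domain Admins', 'CONTOSO\Helpdesk Admins'

# On a real workstation (PowerShell 5.1+), before linking the GPO.
# S-1-5-32-544 is the well-known SID of the local Administrators group.
# Get-RestrictedGroupPreview -PolicyMembers 'CONTOSO\Domain Admins' `
#     -CurrentMembers (Get-LocalGroupMember -SID 'S-1-5-32-544')
```

Any account reported as Removed that still needs administrative access (a service account, a support group) has to be added to the policy's member list before the GPO is linked.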
LVL 15

Assisted Solution

by:Rob Stone
Rob Stone earned 750 total points
ID: 40477033
Another method is to use GPP, which offers more flexibility. This post offers a really good overview of how you can use it to dynamically assign users local admin with item-targeting or by using AD Groups.

http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/