<div>
Guess it has been too long since I enacted new Group Policy. Forgot how easy Group Policy Management makes it to link to existing OU structure. Thanks!
</div>


Guess it has been too long since I enacted new Group Policy. Forgot how easy Group Policy Management makes it to link to existing OU structure. Thanks!

<div>
<div class="content wysiwyg-content">
Good Afternoon,<br />
<br />
We are currently in the midst of a &quot;Security Shake Up&quot; at my company. <br />
<br />
We wish to remove all Users from the Local Administrator group on all <b><u>User</u></b> Workstations throughout the company, excepting a few Admin users. While I know we can do this through User Configuration &gt;&nbsp;Preferences &gt;&nbsp;Control Panel Settings &gt;&nbsp;Local Users and Groups, we are NOT wanting these Group Policy settings to affect the local Administrator group on the Servers.<br />
<br />
I am curious if there is a way to set a Group Policy that will remove all users from a machines local Administrator group on Workstations, but not on the Servers. User systems have Windows 7, Windows 8.1, and Windows 10 64-Bit installed. We already have all User systems sorted into an OU, and Servers in a separate OU, in AD, if that helps.<br />
<br />
Thanks in advance!
</div>
</div>


Good Afternoon,

We are currently in the midst of a "Security Shake Up" at my company. 

We wish to remove all Users from the Local Administrator group on all User Workstations throughout the company, excepting a few Admin users. While I know we can do this through User Configuration > Preferences > Control Panel Settings > Local Users and Groups, we are NOT wanting these Group Policy settings to affect the local Administrator group on the Servers.

I am curious if there is a way to set a Group Policy that will remove all users from a machines local Administrator group on Workstations, but not on the Servers. User systems have Windows 7, Windows 8.1, and Windows 10 64-Bit installed. We already have all User systems sorted into an OU, and Servers in a separate OU, in AD, if that helps.

Thanks in advance!

Group Policy, Server 2012: Remove local Administrator users on Workstations, not Servers

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Windows Server 2012

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.