Solved

Group Policy, Server 2012: Remove local Administrator users on Workstations, not Servers

Posted on 2016-08-23
3
39 Views
Last Modified: 2016-08-23
Good Afternoon,

We are currently in the midst of a "Security Shake Up" at my company.

We wish to remove all Users from the Local Administrator group on all User Workstations throughout the company, excepting a few Admin users. While I know we can do this through User Configuration > Preferences > Control Panel Settings > Local Users and Groups, we are NOT wanting these Group Policy settings to affect the local Administrator group on the Servers.

I am curious if there is a way to set a Group Policy that will remove all users from a machines local Administrator group on Workstations, but not on the Servers. User systems have Windows 7, Windows 8.1, and Windows 10 64-Bit installed. We already have all User systems sorted into an OU, and Servers in a separate OU, in AD, if that helps.

Thanks in advance!
0
Comment
Question by:Woodrax
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
FOX earned 500 total points
ID: 41767531
Use group policy preferences.  You will remove all the local admins on the workstations and set the new local admins.  Point the gpp to the OU with your workstations.

ref link: http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
0
 

Author Closing Comment

by:Woodrax
ID: 41767639
Guess it has been too long since I enacted new Group Policy. Forgot how easy Group Policy Management makes it to link to existing OU structure. Thanks!
0
 
LVL 16

Expert Comment

by:FOX
ID: 41767643
Good work
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now