Group Policy, Server 2012: Remove local Administrator users on Workstations, not Servers

Good Afternoon,

We are currently in the midst of a "Security Shake Up" at my company.

We wish to remove all Users from the Local Administrator group on all User Workstations throughout the company, excepting a few Admin users. While I know we can do this through User Configuration > Preferences > Control Panel Settings > Local Users and Groups, we are NOT wanting these Group Policy settings to affect the local Administrator group on the Servers.

I am curious if there is a way to set a Group Policy that will remove all users from a machines local Administrator group on Workstations, but not on the Servers. User systems have Windows 7, Windows 8.1, and Windows 10 64-Bit installed. We already have all User systems sorted into an OU, and Servers in a separate OU, in AD, if that helps.

Thanks in advance!
WoodraxAsked:
Who is Participating?
 
FOXConnect With a Mentor Active Directory/Exchange EngineerCommented:
Use group policy preferences.  You will remove all the local admins on the workstations and set the new local admins.  Point the gpp to the OU with your workstations.

ref link: http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
0
 
WoodraxAuthor Commented:
Guess it has been too long since I enacted new Group Policy. Forgot how easy Group Policy Management makes it to link to existing OU structure. Thanks!
0
 
FOXActive Directory/Exchange EngineerCommented:
Good work
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.