Solved

Group Policy, Server 2012: Remove local Administrator users on Workstations, not Servers

Posted on 2016-08-23
3
64 Views
Last Modified: 2016-08-23
Good Afternoon,

We are currently in the midst of a "Security Shake Up" at my company.

We wish to remove all Users from the Local Administrator group on all User Workstations throughout the company, excepting a few Admin users. While I know we can do this through User Configuration > Preferences > Control Panel Settings > Local Users and Groups, we are NOT wanting these Group Policy settings to affect the local Administrator group on the Servers.

I am curious if there is a way to set a Group Policy that will remove all users from a machines local Administrator group on Workstations, but not on the Servers. User systems have Windows 7, Windows 8.1, and Windows 10 64-Bit installed. We already have all User systems sorted into an OU, and Servers in a separate OU, in AD, if that helps.

Thanks in advance!
0
Comment
Question by:Woodrax
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
FOX earned 500 total points
ID: 41767531
Use group policy preferences.  You will remove all the local admins on the workstations and set the new local admins.  Point the gpp to the OU with your workstations.

ref link: http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
0
 

Author Closing Comment

by:Woodrax
ID: 41767639
Guess it has been too long since I enacted new Group Policy. Forgot how easy Group Policy Management makes it to link to existing OU structure. Thanks!
0
 
LVL 16

Expert Comment

by:FOX
ID: 41767643
Good work
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question