Re: Remove domain user from local administrators group

From: Micheal Patterson (micheal_at_tsgincorporated.com)
Date: 10/13/04

    To: "chang zhu" <cyz2000@yahoo.com>, <focus-ms@securityfocus.com>
    Date: Wed, 13 Oct 2004 13:44:27 -0500
    
    

    ----- Original Message -----
    From: "chang zhu" <cyz2000@yahoo.com>
    To: <focus-ms@securityfocus.com>
    Sent: Tuesday, October 12, 2004 10:17 AM
    Subject: Remove domain user from local administrators group

    > Hi, all
    >
    > I just went to this new company and found out that
    > each domain user is assigned to local administrators
    > group.
    >
    > We need to remove domain user from local
    > administrators group. Is there any MS utility that
    > allows us to do this instead of going to each workstation
    > to remove and assign them to Power Users group?
    >
    > The environment is Win2K and XP.
    >
    > Thanks always,
    >
    > Chang
    >

    I would think that a login script containing the net localgroup directive
    would help here.

    The syntax of this command is:

    NET LOCALGROUP [groupname [/COMMENT:"text"]] [/DOMAIN]
                  groupname {/ADD [/COMMENT:"text"] | /DELETE} [/DOMAIN]
                  groupname name [...] {/ADD | /DELETE} [/DOMAIN]

    As an example, what I've added in the past to "add" certain users and groups
    to another group:

    net localgroup administrators "mydomainname\Domain Admins" /ADD
    :end

    This should be just as easy to run to remove someone:

    net localgroup administrators "mydomainname\Domain Users" /delete
    :end

    --
    Micheal Patterson
    Senior Communications Systems Engineer
    405-917-0600
    ---------------------------------------------------------------------------
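
A fuller version of the login-script approach suggested in the reply above, added here as an example and not part of the original message: it also adds the group to Power Users, as the original question asked, and confirms the removal by re-reading the group membership. The domain name placeholder, the log file path and the English group names are assumptions.

```batch
@echo off
rem Added example, not from the original message.
rem Assumed values: the domain name placeholder, the log path, and English
rem group names (built-in groups are renamed on localized Windows installs).
setlocal
set "MEMBER=mydomainname\Domain Users"
set "LOG=%SystemRoot%\Temp\localadmin-cleanup.log"

rem Step 1: do nothing on machines where the entry is already gone.
net localgroup Administrators | find /i "%MEMBER%" >nul
if errorlevel 1 goto :done

rem Step 2: add the group to Power Users first, unless it is already there.
net localgroup "Power Users" | find /i "%MEMBER%" >nul
if errorlevel 1 net localgroup "Power Users" "%MEMBER%" /add >nul 2>&1

rem Step 3: remove the group from the local Administrators group.
net localgroup Administrators "%MEMBER%" /delete >nul 2>&1

rem Step 4: verify by listing the group again instead of trusting the exit code.
net localgroup Administrators | find /i "%MEMBER%" >nul
if errorlevel 1 (
  >>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME% removed "%MEMBER%" from Administrators
) else (
  >>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME% FAILED to remove "%MEMBER%" from Administrators
)

:done
endlocal
```

A login script runs as the user who is logging on, so the removal succeeds only while that user still holds administrator rights through the membership being removed; on later logons the script exits at step 1. The user's current session keeps its administrator token until logoff.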
    
