Restrict both local machine accounts and domain accounts from login

Relevant Pages

• Re: Local Admin & Group Policy Question
  ... >I wanted to make Domain Admins a local administrator of all machines ... >through Group Policy (I think this happens by default when a machine is ... >appears to overwrite what's already in the local administrators group. ... But since your users are local admins (how else could they remove Domain Admins?) ...
  (microsoft.public.win2000.group_policy)
• Re: Script to enumerating list of Local Admingroup member of all domai
  ... Administrator as members of machine local Administrators ... group on all machines, just define this as a Restricted Group ... domain admins and local administartor account from the computer. ...
  (microsoft.public.windows.server.scripting)
• Re: Add Domain Admin to local XP Admin group
  ... Yes Domain Admins are in the Local Administrator group. ... local Administrators in a given workstation or in all Workstations. ... Jorge Silva ... members of the local Administrators group of the machine by default. ...
  (microsoft.public.windows.server.active_directory)
• Re: group policy question
  ... > You need to make sure they are local administrators on the affected ... > workstations in order to be able to install software, ... >> domain admins since there are subsites we do not want them to access, ...
  (microsoft.public.windows.server.sbs)
• Re: no access rights to change properties network connection
  ... Restart workstation - login - no changes... ... You create the user as a local user and you are still logging on local? ... Administrators and because the domain admins are mapped to the ... local administrators, the domain user you created is a local admin. ...
  (microsoft.public.windows.group_policy)