Re: remove local admin right in 200 client computer
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 17 Oct 2007 20:46:45 -0500
You could use Group Policy Restricted Groups using "members of this group"
to enforce membership of the local administrators group. When applied only
the users/groups specified will be in the local administrators group on the
domain computers within the scope of the Group Policy and other users/groups
will be removed with the exception of the built in administrator account and
I suggest including domain admins also as member of the included groups. The
link below explains in detail how to use Restricted Groups and I suggest
that you create an Organizational Unit to configure it for and then move the
computer accounts you want to affect into that OU which can be a child OU of
an existing OU. I don't recommend using Restricted Groups at the domain
level as you run the risk of affecting domain controllers, etc if not done
correctly.
Steve
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html ---
Restricted Groups
"Alexander Brown" <alexanderbrown@xxxxxxxxxxx> wrote in message
news:%23FsbdTSEIHA.4400@xxxxxxxxxxxxxxxxxxxxxxx
Dear all,
We are a middle-size company around 200 staffs. For improve the security
control, we are planning to remove all user local admin right in their
computer. Any logon script, group policy or registry can help us to remove
local admin right in our user computer?
Best regards,
Alexander
.
- References:
- remove local admin right in 200 client computer
- From: Alexander Brown
- remove local admin right in 200 client computer
- Prev by Date: Re: lost administrator account
- Next by Date: Re: Searching for Users with Local Admin rights
- Previous by thread: remove local admin right in 200 client computer
- Next by thread: Re: Searching for Users with Local Admin rights
- Index(es):
Relevant Pages
|
