Hello,
We want to remove the users from Local Admin status on all pcs. What I have done is created a test OU & put a test pc there. Under a new group policy I added Restricted group called Administrators and made members only the ids I wanted ( Domain Admins, local Admin, etc)I took the test machine & put about 10 additional users inthe local admin group before I enabled the policy. After rebooting the pc I checked the local admin group & all of the users I put in were gone, only the ids in the policy were listed.
Now, If I go in & manually add names now ( after the policy has been put into effect)& reboot the pc the names stay in the local admin group. I have to take this pc out of the OU & put it back in to get rid of those names.
Question is, how do I ensue that any changes made to the local admin group will revert to the policy? AND, based upon your experiences, would I want to do that? Should I just remove the end user from local admin & then afterwards make changes to local admins as needed?
Thanks,
Steve
We want to remove the users from Local Admin status on all pcs. What I have done is created a test OU & put a test pc there. Under a new group policy I added Restricted group called Administrators and made members only the ids I wanted ( Domain Admins, local Admin, etc)I took the test machine & put about 10 additional users inthe local admin group before I enabled the policy. After rebooting the pc I checked the local admin group & all of the users I put in were gone, only the ids in the policy were listed.
Now, If I go in & manually add names now ( after the policy has been put into effect)& reboot the pc the names stay in the local admin group. I have to take this pc out of the OU & put it back in to get rid of those names.
Question is, how do I ensue that any changes made to the local admin group will revert to the policy? AND, based upon your experiences, would I want to do that? Should I just remove the end user from local admin & then afterwards make changes to local admins as needed?
Thanks,
Steve
