Re: Remove users from local groups



Where did you apply the policy? At the domain level or OU level? OU policy
may be blocking the domain policy from propagating.

"Haggis" <Haggis@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FCC8B5FE-CE9F-472F-80C4-8EA23FEC7D00@xxxxxxxxxxxxxxxx
I am currently trying to use restricted groups in GPO to remove users that
are local administrators. I have successfully set up 2 restricted groups.

1. domainname\Domain Admins which are members of Administrators and
2. domainname\Domain Users which are members of Users.

I can see on the PC that this has been enforced but the specific user that
has been made a local administrator (in the past) is not being removed from
the local administrator group.

Isn't this what is supposed to happen or am I missing something? Over time
quite a few users have been specified local admins and I need this to work to
revoke perms.

Any help appreciated.

