Re: Removing everyone group from Administrator group
From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 12/21/04
- Next message: zeyan: "RE: local area connection unplugged???"
- Previous message: Alex Nichol: "Re: Repair Install"
- In reply to: Wayne Rollins: "Removing everyone group from Administrator group"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 21 Dec 2004 13:28:04 +0100
Wayne Rollins wrote:
> On my domain I have WGMs that have placed the everyone group into
> the administrators group. Is there a way to remotely remove that
> group through say a script or is there a way to prevent them from
> doing all together by tweaking the registry?
Hi
Two options for you if this is an Active Directory domain:
A)
You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.
The following command in the startup script will delete the Everyone
entry in the Administrators group:
Net.exe LOCALGROUP Administrators Everyone /DELETE
B)
Restricted Groups enforced with Group Policy is maybe an option:
http://groups.google.com/groups?selm=uM5aZa1YDHA.440%40tk2msftngp13.phx.gbl
and
How to Configure a Global Group to Be a Member of the Administrators Group on
all Workstations
http://support.microsoft.com/default.aspx?scid=kb;en-us;320065
Note that the Restricted Groups policy will remove any entries in
the Administrators that is not defined in the policy.
-- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx
- Next message: zeyan: "RE: local area connection unplugged???"
- Previous message: Alex Nichol: "Re: Repair Install"
- In reply to: Wayne Rollins: "Removing everyone group from Administrator group"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
