Re: Need to fix Local Admin rights problem

Tech-Archive recommends: Fix windows errors by optimizing your registry

That it will. You'd have to use Restricted groups to take out the riff-raff,
remove the policy, and then add back in the one-offs manually or with
cusrmgr.

Otherwise, "certain groups" on "certain machines" would involve multiple
instances of restricted group policy objects and appropriate OU structures
or complex GPO filtering.

--
/kj
"Lewis Howell" <lewisbhowell@xxxxxxxxx> wrote in message
news:Oo3yHZYPGHA.740@xxxxxxxxxxxxxxxxxxxxxxx
FYI: Once you setup this policy (Computer Config/Security
Settings/Restricted Groups) all members of the Local Administrators group
WILL BE overwritten. The GPO does not merge the members.

"kj" <kj@xxxxxxxxxxx> wrote in message
news:%23cW0XXVPGHA.1760@xxxxxxxxxxxxxxxxxxxxxxx
You'll probably find a combination of restricted groups and cusrmgr.exe
tools that will meet your needs.

--
/kj
"Bad Beagle" <maxwelli@xxxxxxxxxxxxxxxx> wrote in message
news:ew0IhAVPGHA.2268@xxxxxxxxxxxxxxxxxxxxxxx
I need to fix a big issue. All our users have local admin rights on
their machines. When the techs setup the machines they add domain\users
to the administrators group. Every domain user on my network can connect
to each others machines. I would like to fix this with a gpo. I cannot
remove local admin rights yet but I would at least like to take one step.

I would like to allow certain groups to local admin rights on certain
machines. I would like to do this by ou or group.

Can someone point me in the right direction?







.

Relevant Pages

  • Re: Restricted Groups Not Working
    ... Also all machines are running SP2 and with the latest hotfixes as ... > serviced by the 'nottsxpadmins' policy. ... are all the machines (desktops and laptops) running XP ... >>>to get the restricted groups setting working on a load of laptops. ...
    (microsoft.public.windows.group_policy)
  • Re: Need to fix Local Admin rights problem
    ... Check out the Restricted Groups security policy feature. ... the Windows Group Policy Guide is out from Microsoft Press!!! ... When the techs setup the machines they add domain\users to the ... I would like to allow certain groups to local admin rights on certain ...
    (microsoft.public.windows.group_policy)
  • Re: Need to fix Local Admin rights problem
    ... You'll probably find a combination of restricted groups and cusrmgr.exe ... When the techs setup the machines they add domain\users to the ... I would like to allow certain groups to local admin rights on certain ...
    (microsoft.public.windows.group_policy)
  • Re: Restricted Groups Not Working
    ... 2:Please bear in mind that 90% of the policy is applying it only seems to be the restricted groups section that isnt taking effect and 'allow to load and unload device drivers' which also doesnt seem to be working. ... Also all machines are running SP2 and with the latest hotfixes as provided by our SUS server. ... When adding users to the "Administrators" group, remember that you can't browse for that group, you have to type "Administrators". ... In the "Members of this group", browse for the "Global Security Group" created in Step 1. ...
    (microsoft.public.windows.group_policy)
  • Re: EventID 1054 from Userenv for startup script
    ... So if you said "some machines don't have full access to the network ... at startup" the GPO's seems not to apply correct. ... startup script policy. ...
    (microsoft.public.windows.group_policy)