Re: Remove Administrator Account from Administrators Group

I use GPMC Computer Config>Windows Settings>Security Settings>Restricted
Groups to add or remove local groups from the local admin group.
Look up 'Restricted Groups' on MS or the web for more info.

PaulO

"Thomas M." <NoEmailReplies@xxxxxxxxxx> wrote in message
news:u7zTcgM6HHA.3716@xxxxxxxxxxxxxxxxxxxxxxx
We are in the process of creating a group policy that will limit user
rights on the desktop. A major element of our group policy is that it
will push down the local Administrators group, which will contain a domain
group for Network Administrators so that we will have administrator rights
to all machines. Currently, the local Administrator account is a member
of the Administrators group that is pushed down by the group policy. Our
security officer would like us to either remove the local Administrator
account from the group policy, or push it down under a different name. In
other words, if you were to logon to a PC that gets the group policy, and
check the local Administrators group, you would not see the local
Administrator account listed as a member, but you might see an account
called something like "SecureDesktop" that would be the local
Administrator account under a different name.

Given that you can't manually remove the local Administrator account from
the local Administrators group (you get a message akin to, "This action is
not allowed for built-in accounts"), I would say that what our security
officer is asking may not be possible. However, I am very new to group
policies and thought that I should seek some expert advice on whether or
not this can be achieved through a group policy.

Is there a way through a group policy to remove the local Administrator
account from the local Administrators group, or to push it down under a
different name?

--Tom



.

Relevant Pages

  • Re: Remove Administrator Account from Administrators Group
    ... will push down the local Administrators group, ... of the Administrators group that is pushed down by the group policy. ... Administrator account listed as a member, but you might see an account ...
    (microsoft.public.windows.group_policy)
  • RE: Unable to apply VS 2005 SP1
    ... Click on Software Restriction Policies ... Select "All users except local administrators" & click OK. ... In order to do above exercise, you must login with administrator account. ... Moiz Dhanji ...
    (microsoft.public.vsnet.setup)
  • RE: Restrict the ability to rename the local administrator accoun t
    ... local admin group and only if necessary give them power user authority. ... Restrict the ability to rename the local administrator account ... local administrators group) from changing the user name of the local ...
    (Focus-Microsoft)
  • Re: Prevent local administrators installing software
    ... It is difficult if users are local administrators. ... Group Policy user configuration/administrative templates/system to take ... Applications after reading the whole description of what the settings do. ... > free software from the web and installing it all over the place. ...
    (microsoft.public.win2000.networking)
  • Re: restricted groups for local admin rights
    ... Restricted Groups will not want to do what you want them. ... Whether the user is in the local administrators group on a domain computer ... then bypass domain user configuration Group Policy. ... to impossible to get the application to work as a regular user. ...
    (microsoft.public.windows.group_policy)
Loading