Re: Remove Administrator Account from Administrators Group

Yep. That part I got. I was just not seeing where to find the policy to
rename the local Administrator account. I'm trying Mathieu's suggestion for
that, and will post back here once I have tested it.

--Tom

"Paul O" <polson@xxxxxxxxx> wrote in message
news:ui9eVvP6HHA.1484@xxxxxxxxxxxxxxxxxxxxxxx
I use GPMC Computer Config>Windows Settings>Security Settings>Restricted
Groups to add or remove local groups from the local admin group.
Look up 'Restricted Groups' on MS or the web for more info.

PaulO

"Thomas M." <NoEmailReplies@xxxxxxxxxx> wrote in message
news:u7zTcgM6HHA.3716@xxxxxxxxxxxxxxxxxxxxxxx
We are in the process of creating a group policy that will limit user
rights on the desktop. A major element of our group policy is that it
will push down the local Administrators group, which will contain a
domain group for Network Administrators so that we will have
administrator rights to all machines. Currently, the local Administrator
account is a member of the Administrators group that is pushed down by
the group policy. Our security officer would like us to either remove
the local Administrator account from the group policy, or push it down
under a different name. In other words, if you were to logon to a PC
that gets the group policy, and check the local Administrators group, you
would not see the local Administrator account listed as a member, but you
might see an account called something like "SecureDesktop" that would be
the local Administrator account under a different name.

Given that you can't manually remove the local Administrator account from
the local Administrators group (you get a message akin to, "This action
is not allowed for built-in accounts"), I would say that what our
security officer is asking may not be possible. However, I am very new
to group policies and thought that I should seek some expert advice on
whether or not this can be achieved through a group policy.

Is there a way through a group policy to remove the local Administrator
account from the local Administrators group, or to push it down under a
different name?

--Tom





.

Relevant Pages

  • Re: Remove Administrator Account from Administrators Group
    ... A more security issue is to have random password. ... A major element of our group policy is that it will push down the local Administrators group, which will contain a domain group for Network Administrators so that we will have administrator rights to all machines. ... the local Administrator account is a member of the Administrators group that is pushed down by the group policy. ...
    (microsoft.public.windows.group_policy)
  • Remove Administrator Account from Administrators Group
    ... We are in the process of creating a group policy that will limit user rights ... the local Administrator account is a member of the ...
    (microsoft.public.windows.group_policy)
  • Re: Remove Administrator Account from Administrators Group
    ... He understands that renaming the local administrator account ... it's one additional measure that we can take and group policy makes it easy, ... to group policies and thought that I should seek some expert advice on ...
    (microsoft.public.windows.group_policy)
  • Re: Remove Administrator Account from Administrators Group
    ... As for the LAN man hash, is this the policy that you are referring to: ... Currently, the local Administrator ... the local Administrator account from the group policy, or push it down ... would not see the local Administrator account listed as a member, ...
    (microsoft.public.windows.group_policy)
  • Re: Remove Administrator Account from Administrators Group
    ... "Mathieu CHATEAU" wrote in message ... that there might be a policy for it somewhere. ... Our security officer would like us to either remove the local Administrator account from the group policy, or push it down under a different name. ...
    (microsoft.public.windows.group_policy)
Loading