Re: Script to enumerating list of Local Admingroup member of all domai

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 07/24/04

Next message: Torgeir Bakken \(MVP\): "Re: Putting a comma in (cn=user) when creating a user in AD"
Previous message: Roger Abell: "Re: Putting a comma in (cn=user) when creating a user in AD"
In reply to: Wali: "Script to enumerating list of Local Admingroup member of all domai"
Next in thread: Antknee: "Re: Script to enumerating list of Local Admingroup member of all d"
Reply: Antknee: "Re: Script to enumerating list of Local Admingroup member of all d"
Messages sorted by: [ date ] [ thread ]

Date: Sat, 24 Jul 2004 10:32:48 -0700

If you know that you want one Domain Admins and local
Administrator as members of machine local Administrators
group on all machines, just define this as a Restricted Group
in a GPO that has all of those machines in its mgmt scope.
This capabiity is built into AD's GPO feature and you would
be much better off letting AD do that for you.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Wali" <Wali@discussions.microsoft.com> wrote in message
news:80384668-C16C-4877-AFDD-5D043B0C0DD2@microsoft.com...
> Hi All,
>
> I m looking for a script through which i can enumertae the list of all
members of local admin group of all my domain workstations and also looking
for a way to delete all members from the local adminstrators group except
domain admins and local administartor account from the computer.
>
> Can anyone help me in this regard. Thanks in Advance.
>
> Wali

Next message: Torgeir Bakken \(MVP\): "Re: Putting a comma in (cn=user) when creating a user in AD"
Previous message: Roger Abell: "Re: Putting a comma in (cn=user) when creating a user in AD"
In reply to: Wali: "Script to enumerating list of Local Admingroup member of all domai"
Next in thread: Antknee: "Re: Script to enumerating list of Local Admingroup member of all d"
Reply: Antknee: "Re: Script to enumerating list of Local Admingroup member of all d"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Local Admin & Group Policy Question
... >I wanted to make Domain Admins a local administrator of all machines ... >through Group Policy (I think this happens by default when a machine is ... >appears to overwrite what's already in the local administrators group. ... But since your users are local admins (how else could they remove Domain Admins?) ...
(microsoft.public.win2000.group_policy)
Re: User setup
... Pay attention to the "Members of this group" and "This group is a member of". ... There you can either add additional admins to the local administrators group or replace them, which i assume will be your option to kick out the self assigned admins. ... to be able to install software on machines without having domain ...
(microsoft.public.windows.server.networking)
Local Admin & Group Policy Question
... I wanted to make Domain Admins a local administrator of all machines ... through Group Policy (I think this happens by default when a machine is ... appears to overwrite what's already in the local administrators group. ...
(microsoft.public.win2000.group_policy)
Re: Domain rights
... but you really do not want them to be members of the domain admins group ... machines, though a local administrator can remove it which may be why you are ... experiencing what you are - check the local administrators group membership on the ...
(microsoft.public.win2000.security)
Re: Domain rights
... but you really do not want them to be members of the domain admins group ... machines, though a local administrator can remove it which may be why you are ... experiencing what you are - check the local administrators group membership on the ...
(microsoft.public.win2000.security)