Remove user account from local administrators group via GPO
HI, tomorrow we need to go through Security Clean up process due to which we need to remove all domain or local users from the Local Administrators group from each corp desktops or laptops. Doing the same manually will be really a hectic job so I wanted to know if there is any way we can do this through GPO?
Also let me know how can I add the authorized account ( i.e. OU admin) into local administrators group via GPO as well. Thank you very much.
Re: Remove user account from local administrators group via GPO
Yes, you can do it from the “Restricted groups” option. "Members of this group" will replace the existing ones with that accounts/groups that you like to have. You can do this from the below steps:
If you’re using the Group Policy Editor, you navigate to the OU where the client computers reside and right-click it. Choose “Properties” and “Group Policy” where you create a new Policy and click “Edit”. You then navigate to:
CompConf\Windows Settings\Security Settings\ and then right-click “Restricted Groups” and choose “Add Group”.
Re: Remove user account from local administrators group via GPO
yes, using the restricted groups feature in a GPO. use the MEMBERS option