Removal of account in the local administrator group


  • Removal of account in the local administrator group

    I have 1000 machines and just finished the migration process.

    I want to remove, using a script or something, some users who put themselves as members of the local admins group on their own machines; instead I want to insert a new group from my domain as a master local admin account.

    How can I do that?
    The other question is:
    Let's say I created a Group Policy to prevent them from installing a program; will they be able to install since they are members of the local admins group?

    Please advise more pow
    Learning something new always

  • #2
    You can do it in many ways: scripting (try the scripting forum), by using the NET LOCALGROUP command, and by using the RESTRICTED GROUPS section in your domain's GPO.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT



    • #3
      BTW, SP4 for W2K presented some interesting and useful changes to the behavior of Restricted Groups.
      Now you can use the "Member of" functionality to be able to add Domain Local or Domain Global groups to Local groups...
      Have a look here:

      Updates to Restricted Groups ("Member of") Behavior of User-Defined Local Groups:
      http://support.microsoft.com/default...;en-us;Q810076
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"



      • #4
        Originally posted by Daniel Petri
        and by using the RESTRICTED GROUPS section in your domain's GPO.
        LOL, someone is not reading my posts?
        Cheers,

        Daniel Petri
        Microsoft Most Valuable Professional - Active Directory Directory Services
        MCSA/E, MCTS, MCITP, MCT



        • #5
          Someone IS reading your posts.
          The problem with restricted groups till SP4 was that whatever you defined would OVERRIDE local settings. Since SP4 you can ADD whatever you want.
          This is based on the difference between forward link and back link.

          Groups contain forward links to their members.
          Remember the 5K object limit of a group in W2K? This is because a group containing around 5K objects grew to a size where the object represented in AD could not be replicated as a single instance, as it exceeded the replication packet size.
          A user, on the other hand, has a backlink attribute ("Member of") which points to the groups it is a member of.

          Read the KB
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"


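The difference described in #3 and #5, shown as it appears in a GPO's security template (an added illustration, not posted by anyone in the thread). S-1-5-32-544 is the well-known SID of the local Administrators group; the domain SID and the group with RID 1105 ("Workstation Admins") are constructed placeholders.

```ini
; GptTmpl.inf (Machine\Microsoft\Windows NT\SecEdit\ under the GPO in SYSVOL)
; Constructed example. S-1-5-21-1111111111-2222222222-3333333333 stands in
; for the domain SID; RID 512 is Domain Admins, RID 1105 is a hypothetical
; "Workstation Admins" domain group.

[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1

; ---- Alternative 1: restrict the local Administrators group itself ----
; ("Members of this group" in the Restricted Groups UI)
; The list is authoritative: at policy refresh every member not listed
; here is removed, including users who added themselves.
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-512,*S-1-5-21-1111111111-2222222222-3333333333-1105

; ---- Alternative 2: restrict the domain group and use "Member of" ----
; ("This group is a member of" in the UI; the behaviour KB 810076 covers)
; Additive: the domain group is put into local Administrators, and
; members already there, wanted or not, are left in place.
[Group Membership]
*S-1-5-21-1111111111-2222222222-3333333333-1105__Memberof = *S-1-5-32-544
*S-1-5-21-1111111111-2222222222-3333333333-1105__Members =
```

For the original question (remove self-added users and add one domain group), Alternative 1 does both in one setting, while Alternative 2 only adds the group. Only one of the two `[Group Membership]` sections goes into a given template.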

          • #6
            Well yes, but what made you think I don't know about the new features in SP4? The original question said nothing about the SP level.
            Cheers,

            Daniel Petri
            Microsoft Most Valuable Professional - Active Directory Directory Services
            MCSA/E, MCTS, MCITP, MCT



            • #7
              Hold your guns!
              It was FYI for the rest and I felt it was important enough to mention.
              No one said you don't know the changes in SP4

              (do you?)
              [ducking and running away]
              Guy Teverovsky
              "Smith & Wesson - the original point and click interface"



              • #8
                Urrrrrggggghhhhhhaaaaahhhhhhh....



                Anyway, keep them coming, you're better at fishing than I am.
                Cheers,

                Daniel Petri
                Microsoft Most Valuable Professional - Active Directory Directory Services
                MCSA/E, MCTS, MCITP, MCT
