Change Groups in Local Admin group

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I'm looking for a command line that will delete all entries from the local
admin group with exceptions.

For instance, I can add a group to local admin by using
"NET LOCALGROUP Administrators /add groupname"

Anyone know of a way to delete all groups in there?
 
I don't know of a command line way offhand but for domain computers you can
use Group Policy "restricted groups" at the OU level to define exactly what
groups can be in the local administrators group of computers in that OU. If
you remove restricted groups from the GPO, the membership in the local
administrators groups would stay the way restricted groups enforced them
and then you could use net localgroup if you want to. --- Steve
 
You would likely need to write a small script for this,
and then keep it up-to-date on the allowed exceptions.
 
Back
Top