Changing local machine group membership with GPO

[Guest]

Hello
I am looking for a way to use GPO or a script in GPO to remove the Domain Users account from the local admin group on the client PCs
I want to then put the Domain users group into the local Power users group
Is there a way I can automate this..
TIA

 

[Steven L Umbach]

You could use a startup script for computers via Group Policy. If need be put the
computers you want to effect change on in an Organizational Unit to do such. The net
localgroup command would work as in [ net localgroup administrators
"domainname\domain users" /delete] and [ net localgroup "power users"
"domainname\domain users" /add ]. --- Steve

Hello
I am looking for a way to use GPO or a script in GPO to remove the Domain Users

account from the local admin group on the client PCs

 

[Guest]

Thanks for that, Exactly what i needed

You could use a startup script for computers via Group Policy. If need be put the
computers you want to effect change on in an Organizational Unit to do such. The net
localgroup command would work as in [ net localgroup administrators
"domainname\domain users" /delete] and [ net localgroup "power users"
"domainname\domain users" /add ]. --- Steve

Hello
I am looking for a way to use GPO or a script in GPO to remove the Domain Users

account from the local admin group on the client PCs

I want to then put the Domain users group into the local Power users group
Is there a way I can automate this..
TIA

 

[Stuart Hawes]

Brad,

You could use a GPO:

Under computer settings -> Security Settings -> Restricted Groups

Define something like:

BUILTIN\Administrators Administrator, yourdomain\Domain Admins

BUILTIN\Backup Operators

BUILTIN\Print Operators

BUILTIN\Power users yourdomain\Domain users

BUILTIN\Users yourdomain\Domain users

Hope that helps

Stuart

Hello
I am looking for a way to use GPO or a script in GPO to remove the Domain

Users account from the local admin group on the client PCs