NT AUTHORITY/INTERACTIVE auto populating the admin group

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

I am running XP Pro SP1, and have a issue I need to resolve.

Every time the machine boots, the NT AUTHORITY/INTERACTIVE account is added
to the admin group. If I remove the account and then reboot, it auto
populates the admin group at next boot.

I am going to deploy this image to a number of machines, and do not want the
users to have admin access, and they will if this account is in the admin
group.

Is there a registry setting, or a MMC snap in I can use to prevent the
account from being added to the admin group at each login?

Thanks
-John
 
JohnB said:
I am running XP Pro SP1, and have a issue I need to resolve.

Every time the machine boots, the NT AUTHORITY/INTERACTIVE account
is added to the admin group. If I remove the account and then reboot,
it auto populates the admin group at next boot.

I am going to deploy this image to a number of machines, and do not
want the users to have admin access, and they will if this account
is in the admin group.

Is there a registry setting, or a MMC snap in I can use to prevent
the account from being added to the admin group at each login?
Click to expand...
Hi

I would think it is something in Active Directory that pushes out this,
and you will then need to change it there.

This adding of the account could come from a computer startup script or
logon script (both triggered by a GPO), or it can be a Restricted Groups
GPO.


More about Restricted Groups enforced with Group Policy here:

http://groups.google.com/[email protected]

and

How to Configure a Global Group to Be a Member of the Administrators
Group on all Workstations
http://support.microsoft.com/default.aspx?scid=kb;en-us;320065

Note that this will delete all existing members of the local group you
apply this policy to.
 
Thanks for the input Torgier,

I am working with an image of an AD domain machine that I created and
deployed on another machine that I made a member of a workgroup. So neither
of these articles apply to the issue.

I think you’re on to something with the local script, but I checked the
logon and startup scripts in the local GPO, and both were blank.

Any other suggestions would be appreciated.

Thanks
-John
 
Back
Top