Hello Chris,
For both options you can use Restricted groups with a GPO:
http://www.frickelsoft.net/blog/?p=13
Pay attention to the "Members of this group" and "This group is a member
of". There you can either add additional admins to the local administrators
group or replace them, which i assume will be your option to kick out the
self assigned admins.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
> Hello there,
>
> I'm trying to find a good source of information on best practices for
> client management in a domain environment.
>
> We have a windows 2003 domain with about 50 users. We're renewing our
> network and would like to clean things up. Two issues we've been
> having and would like to address are:
>
> 1. Create an "installer" account that would allow some of our IT guys
> to be able to install software on machines without having domain
> administrator access.
>
> 2. Some users managed to add themselves as local administrators on
> their machines. Is there a way to disable local admins?
>
> Any good sources that outline best practies would be a great help.
>
> Thanks,
> Chris
Similar Threads
Linear Mode
