Create the GPO:
On your Domain Controller go ahead and open up Group Policy Management. Drill down to the domain where you want to create the policy and expand Group Policy Objects. Right Click in the active window and Select New. Let's call the GPO Local Users. Click OK.
Edit the GPO:
You should see the newly created GPO in the active window. Right Click on it and Select Edit. In the Group Policy Management Editor, drill down to User Configuration > Preferences > Control Panel, then Right Click on Local Users and Groups. Select New > Local Group.
In the New Local Group Properties window, for Action: select Update. For the Group name: type in Administrators. Select the Remove the current user radio button and Click OK.
*Note - In addition to removing the current users you can use this to add users, delete all users and delete all groups. Be careful how you set this up as you may inadvertently remove users or groups you want to keep.
Your newly created element should appear in the active window. Go ahead and close the editor.
Apply & Test the GPO:
Next we need to apply the GPO to the OU that has the computers which will receive it.
*Caution - You should test all GPOs in a lab environment or on a Test OU BEFORE applying them to the live production environment to ensure you will achieve the desired outcome.
In the navigation tree simply drag the Local Users GPO to the computer group you want it to be applied to. You will be prompted to link the GPO to the OU. Click OK.
The final step is to test the GPO. Log into a machine that is in the OU you applied the GPO to and open a command prompt. Run the following:
gpupdate /force
Go into Administrators under Local Users and Groups and you should see that the user has been removed from the group.
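The same check can be scripted instead of done by eye. The following is an added example, not part of the original post: it assumes Windows PowerShell 5.1 or later on the test machine, English-language gpresult output, and that it is run as the user the GPO is meant to affect.

```powershell
# Added verification example; run after "gpupdate /force" as the affected user.
$gpoName = 'Local Users'   # GPO name used in this walkthrough

# 1. Confirm the GPO was actually applied. The preference item lives under
#    User Configuration, so it is reported in the user scope of gpresult.
$lines   = @(gpresult /r /scope:user 2>&1 | ForEach-Object { "$_".Trim() })
$applied = @()
for ($i = 0; $i -lt $lines.Count; $i++) {
    # Section header text is an assumption (English-language output).
    if ($lines[$i] -eq 'Applied Group Policy Objects') {
        # Skip the dashed underline, then read GPO names up to the next blank line.
        for ($j = $i + 2; $j -lt $lines.Count -and $lines[$j] -ne ''; $j++) {
            $applied += $lines[$j]
        }
        break
    }
}
$gpoApplied = $applied -contains $gpoName

# 2. Check direct membership of the built-in Administrators group.
#    S-1-5-32-544 is its well-known SID, which avoids localized group names.
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$members = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
$stillAdmin = @($members | Where-Object { $_.SID.Value -eq $me }).Count -gt 0

# 3. Report. Anything left in the group is listed for review, since the user
#    could still be an administrator through a remaining group member.
[pscustomobject]@{
    User             = [Environment]::UserName
    GpoApplied       = $gpoApplied
    DirectAdmin      = $stillAdmin
    RemainingMembers = ($members | ForEach-Object { $_.Name }) -join '; '
}

if (-not $gpoApplied) {
    Write-Warning "GPO '$gpoName' is not in the applied list for this user."
} elseif ($stillAdmin) {
    Write-Warning 'User is still a direct member of Administrators.'
}
```

The current logon session keeps its existing access token, so the user should log off and back on before the removal is treated as effective.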
More to come!