We have couple of laptop users with local administrator privilege. on a local security auditing we find these users add other accounts as part of the local administrator. we want to disable the same . How do I create an organization wide policy
to prevent users adding other accounts in Local administrator account. Thanks a lot for sharing your thoughts
Agree that you should use Group Policy Restricted Groups to explicitly set the membership of the local Administrators group.
Just add the local Administrators group by doing a right click on Restricted Groups, then add any users/groups that you would like them to be the local administrators into the "Members of this group:"
list.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
tnmff@microsoft.com
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.
