PDA

View Full Version : remove domain users from power users group

=?Utf-8?B?UGF0cmljayBzaGFwYXJk?=
Hi all
I was just wondering if there is a microsoft utilitly or 3rd party util that can remove domain users from local user groups remotely. I have quite a few users who have local admins rights or pwer user rights and I want to remove them. Any suggestions

Than k you
Patrick Shapard, CCNA, MCSA, MCP
Steven L Umbach
One way would be to use restricted groups at the OU level which will then apply to
the local machine for domain members. You will not find a power users group when you
browse for it, just type it in. Keep in mind that it will remove ALL users that are
not specified in the restricted groups so you may need to think out your OU structure
where the policy will apply to computers in it and maybe create global group for
domain users that will exist in the power users group on those computers and then add
the appropriate members to that global group if any. See the link below for more
details. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;228496
http://support.microsoft.com/default.aspx?scid=kb;en-us;810076 --- important info
about SP4
http://www.jsiinc.com/SUBG/TIP3200/rh3251.htm
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q320065


"Patrick shapard" wrote in message
news:CFA37955-6538-487F-BABB-8DF9BAD9DE2E@microsoft.com...
> Hi all,
> I was just wondering if there is a microsoft utilitly or 3rd party util that can
remove domain users from local user groups remotely. I have quite a few users who
have local admins rights or pwer user rights and I want to remove them. Any
suggestions?
>
> Than k you,
> Patrick Shapard, CCNA, MCSA, MCP


luc wastiaux
Patrick shapard wrote:
> Hi all, I was just wondering if there is a microsoft utilitly or 3rd
> party util that can remove domain users from local user groups
> remotely. I have quite a few users who have local admins rights or
> pwer user rights and I want to remove them. Any suggestions?

You can establish a connection to the ADMIN$ share on the remote
computer, then run mmc, open computer management console for the remote
computer and empty the power users group.

this should work:
net use /u:remotemachine\Administrator \\remotemachine\ADMIN$

mmc
add snap-in
computer management console
remote computer (choose which)

local users and groups
power users

you're done

--
luc wastiaux