Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Change Groups in Local Admin group
Ask the community Add a reply
Word :    Username :           
 
Anonymous   12-08-2004 at 05:31:05 PM

Archived from groups: microsoft.public.win2000.security (More info?)

 

I'm looking for a command line that will delete all entries from the local
admin group with exceptions.

For instance, I can add a group to local admin by using
"NET LOCALGROUP Administrators /add groupname"

Anyone know of a way to delete all groups in there?

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   12-09-2004 at 05:47:24 AM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

I don't know of a command line way offhand but for domain computers you can
use Group Policy "restricted groups" at the OU level to define exactly what
groups can be in the local administrators group of computers in that OU. If
you remove restricted groups from the GPO, the membership in the local
administrators groups would stay the way restricted groups enforced them
and then you could use net localgroup if you want to. --- Steve


"dprice" <dprice@discussions.microsoft.com> wrote in message
news:4C2322C6-F789-4E9D-86C9-82C41386582D@microsoft.com...
> I'm looking for a command line that will delete all entries from the local
> admin group with exceptions.
>
> For instance, I can add a group to local admin by using
> "NET LOCALGROUP Administrators /add groupname"
>
> Anyone know of a way to delete all groups in there?
>
>

Reply to Anonymous
Anonymous   12-09-2004 at 01:07:09 PM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

You would likely need to write a small script for this,
and then keep it up-to-date on the allowed exceptions.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"dprice" <dprice@discussions.microsoft.com> wrote in message
news:4C2322C6-F789-4E9D-86C9-82C41386582D@microsoft.com...
> I'm looking for a command line that will delete all entries from the local
> admin group with exceptions.
>
> For instance, I can add a group to local admin by using
> "NET LOCALGROUP Administrators /add groupname"
>
> Anyone know of a way to delete all groups in there?
>
>

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Change Groups in Local Admin group
Go to:

There are 970 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.694 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them