Change Groups in Local Admin group

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I'm looking for a command line that will delete all entries from the local
admin group with exceptions.

For instance, I can add a group to local admin by using
"NET LOCALGROUP Administrators /add groupname"

Anyone know of a way to delete all groups in there?

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I don't know of a command line way offhand but for domain computers you can
use Group Policy "restricted groups" at the OU level to define exactly what
groups can be in the local administrators group of computers in that OU. If
you remove restricted groups from the GPO, the membership in the local
administrators groups would stay the way restricted groups enforced them
and then you could use net localgroup if you want to. --- Steve


"dprice" <dprice@discussions.microsoft.com> wrote in message
news:4C2322C6-F789-4E9D-86C9-82C41386582D@microsoft.com...
> I'm looking for a command line that will delete all entries from the local
> admin group with exceptions.
>
> For instance, I can add a group to local admin by using
> "NET LOCALGROUP Administrators /add groupname"
>
> Anyone know of a way to delete all groups in there?
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

You would likely need to write a small script for this,
and then keep it up-to-date on the allowed exceptions.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"dprice" <dprice@discussions.microsoft.com> wrote in message
news:4C2322C6-F789-4E9D-86C9-82C41386582D@microsoft.com...
> I'm looking for a command line that will delete all entries from the local
> admin group with exceptions.
>
> For instance, I can add a group to local admin by using
> "NET LOCALGROUP Administrators /add groupname"
>
> Anyone know of a way to delete all groups in there?
>
>