Restrict local admin rights


New Member

Wonder if this is possible. Currently GPO is used to push out policy to allow an AD group local admin rights on PC's. The requirement is to further restrict access by using GPO (and possibly restricted groups) so that only the owner of the laptop has local admins to their PC. This needs to also allow centralised management and auditing. Is this even possible?



Cloud Security Engineer
Staff member
Oh you want to give the user admin rights? That is a really bad idea. There isn't an easy way to do that besides when the system is setup or some kind of scripted solution.