Restrict local admin rights

securitygeek

New Member
Hi,

Wonder if this is possible. Currently GPO is used to push out policy to allow an AD group local admin rights on PC's. The requirement is to further restrict access by using GPO (and possibly restricted groups) so that only the owner of the laptop has local admins to their PC. This needs to also allow centralised management and auditing. Is this even possible?

Thanks
 

Neemobeer

Cloud Security Engineer
Staff member
Oh you want to give the user admin rights? That is a really bad idea. There isn't an easy way to do that besides when the system is setup or some kind of scripted solution.
 
Top