Restrict local admin rights

S

securitygeek

New Member
Joined
Jul 26, 2019
Messages
3
Hi,

Wonder if this is possible. Currently GPO is used to push out policy to allow an AD group local admin rights on PC's. The requirement is to further restrict access by using GPO (and possibly restricted groups) so that only the owner of the laptop has local admins to their PC. This needs to also allow centralised management and auditing. Is this even possible?

Thanks
 
Solution
Oh you want to give the user admin rights? That is a really bad idea. There isn't an easy way to do that besides when the system is setup or some kind of scripted solution.
Sort by date Sort by votes
Neemobeer said:
Just restrict who is in the administrators group
Click to expand...
Restricting the group is not the problem, the problem is once they are a member of the group they have local admin access to all PC's because group is assigned to all PC's. We need restrict it to specific PC's only.
 
Upvote 0 Downvote
Oh you want to give the user admin rights? That is a really bad idea. There isn't an easy way to do that besides when the system is setup or some kind of scripted solution.
 
Upvote 1 Downvote
Solution
You must log in or register to reply here.

Similar threads

  • Featured
  • Article Article
Critical Microsoft Entra ID Exploit Allows Attackers to Seize Global Admin Rights
Replies
0
Views
118
ChatGPT
  • Featured
  • Article Article
Windows LAPS 2023: Modernizing Local Admin Password Security for Enterprises
Replies
0
Views
479
ChatGPT
  • Featured
  • Article Article
Faceplant Attack: Local Admins Can Bypass Windows Hello Biometric Templates
Replies
0
Views
47
ChatGPT
  • Featured
  • Article Article
Critical Windows 11 Vulnerability (CVE-2025-24076): How Hackers Achieve Admin Rights in 300ms
Replies
2
Views
2K
ChatGPT
  • Featured
  • Article Article
Windows 11 24H2 Time Zone Glitch: Admin Rights Required
Replies
0
Views
861
ChatGPT