Post

Manage Local Admins with Group Policy on Workstations

Posted Updated
Preview Image
By Marc Mylemans 1 min read

In this video we will be managing our Local Admins with Group Policy’s. In the first part i will show you how to delete all die local administrators and only leave the Domain Admins. In the second part we will be using the Managed By field in Active directory to assign a ‘Primary User’ to the workstation. With this the ‘Primary User’ has local admin rights only on that assigned workstation.

Screenshots + Ldap Query’s

Assign users

Item Level targeting

LDAP Query

1st LDAP Query:

1

(&(objectCategory=computer)(objectClass=computer)(name=%COMPUTERNAME%))

1

managedby

1

PrimaryUser

2nd LDAP Query:

1

(&(|(objectClass=group)(objectClass=user))(distinguishedName=%PrimaryUser%))

1

sAMAccountName

1

PrimaryUser
Windows, Server 2022
server 2022 ad gpo local admins group policy admin tutorial youtube
This post is licensed under CC BY 4.0 by the author.