
Adding Administrators Via Group Policy

My Windows Vista work computer is a member of a domain. The domain administrators have set up a group policy that keeps adding them as Administrators of my computer every night.

Is there a way I can prevent this from happening? I am an Administrator on the computer.

Yes, you can. There are a number of ways at your disposal. A few ideas:

  • Delete their local admin. Add your own local admin user with the same username but a different password. The GPO addition will assume the user is already there and not make any changes.

  • Update registry permissions to remove access to any of the several keys required to add a user. Mark Russinovich describes procedures on his blog.

  • Edit the NTFS permissions on the directory where the group policy objects are cached. (This, of course, will break all GPOs, not just the local admin...)

Bottom line: as a local admin, you can do anything. In order for Group Policy to work and for the GPO to add a local user, it must do something. Break any part of that something and you've found your solution.

Of course, just because you can doesn't mean you should. I was an IT guy, users did this to me, and it's irritating. It's a policy issue and should be handled via non-technical means.

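This happens every time you connect to your work network. It is how the company controls its computers. I suggest you contact your network administrator.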

These are serious answers:

  • disconnect your PC from the network
  • remove your PC from the domain

You can't change group policy: it can override local settings or not be overridden. Domain admins trump local admins in AD.

But why?

There is no (useful) way. This isn't, however, a technical problem at all but a policy problem (if a problem at all). Take it up with your administrators and your boss. Ask them why and they should explain.

This behaviour is a default policy by the way.

  • Open Regedit.exe.
  • Browse to the following path - HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\
  • Expand the unique key contained within
  • Set Restrict_Run to the value 1 (done by double clicking to edit and typing 1)

http://www.computerstepbystep.com/group_policy_windows_7.html
