Another way to do this is with a logon script that adds an account to the local administrators group and removes the user from that group.
The testing is a way to ensure that you don't break applications on the workstations. Some of the more poorly written applications require special access and as a default prefer administrative access rights. They work poorly without them. You'll want to test thoroughly so that you can remove the unneeded rights and still allow your user community to work as expected.
I'm sure there's more cautions I can suggest, but you get the idea.
On 9/20/06, Alberto Oviedo <[EMAIL PROTECTED]
> wrote:
Hello. My name is Alberto, I'm from Nicaragua
In our company the support team has granted every user administrator rights over their workstation, We recently migrated to Windows 2003 AD and I want to revoke the privileges tha users have on their computers. Can I do this through AD? It's around 300 users and I don't want to visit every single one of them.
Thanks for your help.
