This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 64%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVC%3C/text%3E%3C/svg%3E)
I meant to remove local admin rights from a security group on our domain controller, but I think I deleted the builtin localadmin group. Nobody has localadmin rights now, including administrators.
Computer Configuration -> Preferences -> Control Panel Settings -> Local Users and Groups
New -> Local Group New Local Group Properties
I thought I was adding my security group, but in the “Members” section I typed in localadmin rather than the security group name. This has removed local admin rights on all devices.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi @Vicky Carlson - Repair •
You can use the same Group Policy Preference setting to add the Builtin Local Admin in the local administrator group.
When you check Delete all members user and groups in Group policy Preference , you have to add all groups and accounts should have local administrator permission, Otherwise all accounts will be deleted from local administrator group.
Please don't forget to accept helpful answer
That worked! Thank you so much! I learned a lot through the unfortunate incident. I appreciate the help.
You are welcome