Share via

Grant and revoke admin rights for domain users through domain controller

Anonymous
2024-04-04T07:07:06+00:00

Hi,

I have a local domain windows server and I need to revoke admin rights for all domain users and, just sometimes, give them admin rights for a specific and limited time. Is it possible? Or is there another way more efficient? Thanks a lot.

Windows for business | Windows Server | Directory services | User logon and profiles

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-04-05T07:23:54+00:00

    Hi Izzo Pierluigi,

    Thank you for posting in the Microsoft Community Forum.

    To revoke administrator privileges for all domain users, you can follow these steps:

    1. Log in to your Domain Controller on the Windows Server.
    2. Open the "Active Directory Users and Computers" management console.
    3. In the left navigation pane, expand your domain and select the "Users" Organizational Unit (OU).
    4. Select all the users for whom you want to revoke administrator privileges. You can select multiple users by holding down the Ctrl key and clicking on each user.
    5. Right-click on the selected users and choose "Properties."
    6. In the properties dialog, navigate to the "Member Of" tab.
    7. If the users are members of the Administrators group, remove them from the list. Typically, to remove users from the Administrators group, you can find the group named "Administrators" in the "Member Of" tab and remove the users from it.
    8. Confirm the changes and close the properties dialog.

    You can achieve this goal by using Group Policy on Windows Server. Specifically, you can create a security group named "Administrators" and add this group to the local Administrators group. Then, you can add or remove users from the "Administrators" group as needed.

    To grant users administrator privileges for a specific period, you can set up a scheduled task that adds users to the "Administrators" group when necessary and removes them from the group after a specified time.

    Here are the general steps:

    1. Create a security group named "Administrators."
    2. Add this group to the local Administrators group.
    3. Add users to the "Administrators" group as needed to grant them administrator privileges.
    4. Create a scheduled task that adds users to the "Administrators" group when required and removes them from the group after a specified time.

    This method allows you to effectively manage user administrator privileges and adjust them as needed.

    Best regards

    Neuvi Jiang

    0 comments