Microsoft has now released Windows 10 to the world, and if you are running one of the 14 million devices that now have Windows 10 installed, you might be wondering what new features there are for businesses.
But where do all these magical settings within Administrative Templates come from?
When this does happen, it is also almost impossible to discover, as you have to run a query on every computer to see who is in the local admin group and then figure out which account should be a member.
One solution to this is, of course, to follow Microsoft best practice and not give your users local admin access to their PC or server. In a utopian environment this would be possible, but we all live in the real world, where managers have admin access to their PCs and developers are allowed to install any software they want. Since Group Policies were first introduced with Windows 2000, there has been a setting called “Restricted Groups” which allows you to control the membership of a group.
One problem I see all the time is IT administrators never being able to control who is a local administrator of any particular computer.
The problem is that when you give someone local admin access to a computer (because they legitimately need it), you can't stop them from giving admin access to someone else on the same computer.
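
The audit described above (querying each computer's local admin group and working out which accounts should not be members), as an added PowerShell example that is not from the original article. It assumes PowerShell remoting is enabled on the targets; the computer names, the CONTOSO domain and the allowlist entries are constructed placeholders.

```powershell
# Added example: compare local Administrators membership with an allowlist.
# Assumed, not from the article: WinRM remoting is enabled on the targets;
# computer names, the CONTOSO domain and allowlist entries are constructed.
$Computers = 'PC-001', 'PC-002', 'SRV-APP01'

# Accounts that should be local admins everywhere, plus approved exceptions.
$AllowedEverywhere  = 'CONTOSO\Domain Admins', 'CONTOSO\Workstation Admins'
$AllowedPerComputer = @{ 'PC-002' = @('CONTOSO\jsmith') }

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators; querying by SID
# also works on systems where the group name is localized.
$members = Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue -ScriptBlock {
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
        # Convert to plain strings so the values survive remoting serialization.
        [pscustomobject]@{
            Member = $_.Name
            Sid    = $_.SID.Value
            Class  = "$($_.ObjectClass)"
            Source = "$($_.PrincipalSource)"
        }
    }
}

$unexpected = foreach ($m in $members) {
    $allowed = @($AllowedEverywhere) + @($AllowedPerComputer[$m.PSComputerName])
    # The built-in local Administrator always has RID 500, even when renamed.
    $isBuiltinAdmin = $m.Source -eq 'Local' -and $m.Sid -like 'S-1-5-21-*-500'
    if (-not $isBuiltinAdmin -and $allowed -notcontains $m.Member) {
        [pscustomobject]@{
            Computer = $m.PSComputerName
            Member   = $m.Member
            Class    = $m.Class
            Source   = $m.Source
        }
    }
}

# Computers that returned nothing were unreachable or failed the query.
$noData = $Computers | Where-Object { $_ -notin @($members.PSComputerName) }

$unexpected | Sort-Object Computer, Member | Format-Table -AutoSize
if ($noData) { Write-Warning "No data from: $($noData -join ', ')" }
```

Run on a schedule, the table of unexpected members shows when a local admin has granted admin access to someone else, and the warning lists computers that still need to be checked.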