Skip to content

How to Remove Admin Rights from Endpoints using Securden EPM?

Once the computers are onboarded, privilege management agents are deployed, and the application control policies are in effect, the EPM administrator can remove admin rights from user accounts on endpoints and make them standard users without any hassles.

You have two options, remove admin rights in bulk or remove specific accounts on endpoints.

How to Remove Admin Rights in Bulk?

To remove admin rights in bulk, navigate to Privileges >> Remove Privileges.

This option is quite flexible and helps you remove the admin rights of any number of users on any number of computers in a single click.

Step 1 - Specify users whose local administrator privileges are to be removed.

You have two options for choosing the users/groups here,

1) Select All Users - and filter between local users, domain users, and domain groups.

2) Individually include/exclude specific users/user groups - This option allows you to add users who haven't been onboarded in Securden.

Step 2 - Specify the computers on which admin rights are to be removed for the users listed in step 1.

You have two options to select the computers,

1) Select All Computers - This only includes the computers that have the Securden agent installed on them.

2) Select Specific Computers/Computer Groups- You can search and select the required computers and computer groups from this field.

Step 3 - Specify the groups from which the selected users are to be removed (Optional)

By default, when you click Proceed after specifying the users and computers, the users if they had admin rights will be demoted to standard users. But Securden EPM provides a provision using which you can transfer AD domain users from one domain group to another. You have the following options.

1) Remove from 'Administrators' group - This option allows you to remove the selected users from the local administrators group.

2) Remove from specific group(s) - This option allows you to select a specific domain group from which the selected users will be removed.

3) None - Select this option if you do not want to remove users from any group

Once the source group is specified, you need to specify the groups to which these users must be added to. You have the following options.

1) Add to the ‘Users’ group - This option allows you to add the users removed into the default ‘Users’ group, making them standard users with no admin privilege.

2) Add to a specific group - This option allows you to add the users removed into a specific group/groups of your choice. Select the groups where you wish to add the users.

3) None - Select this option if you do not want to add the removed users to any other group(s).

Once the preferences are selected, you have the option to create a policy/rule using which the process can re-run in the future. For example, if a user becomes a part of the local administrator group again in the future, you can demote the user by re-running the rule from the Privileges >> Remove Privileges window.

How to Remove Specific Users from Local Administrator Group on a Particular Domain Computer?

To remove admin rights on specific endpoints, go to Computers tab and select the required domain computer. Go to the Local Administrators tab and find the required user account and click on the bin icon.

This user will be demoted to standard user from the local administrator.

Securden Help Assistant
What's next?
Request a Demo Get a Price Quote
Thank you message

Thanks for sharing your details.
We will be in touch with you shortly.

Thanks for sharing your details.
We will be in touch with you shortly.