I am working to automate protection for High Risk systems in ePO 4.6.
In our environment, everyone gets local admin by default.
So far, I have an automated taging method which works pretty well. The high risk systems have more protective policies and on demand scans.
Next, I would like to add a step that removes localadmin rights from XP or Windows7 triggered from ePO. I know ePO has a scripting interface now. Could there be a way to use this feature to run script to zap local admin rights? Any other ideas?
This isn't possible as far as I know. The scripting functions in ePO 4.6 are on the server, for automating server operations: what you need (assuming I'm understanding correctly) is a client-end function that's capable of removing admin rights, which the agent currently cannot do