chapmantonyi downloaded teklogic's script that removes all from the admin group except the local and domain admins. however, there are not any domain admins because it is a workgroup and therefore, what i need cannot be done in group policy. so the problem is... the users do not belong to any group now. that means i would still have to go in and do all this manually anyway. is there any way to remove all users from the admin group and add them to the users group? thx in advance for your help.