Removing Users from the Windows Local Administrators Group

Removing users from the local administrators group in Microsoft Windows can be done using the following steps:

Step-by-step procedure

1. Log in to Windows with an account that has administrator privileges.

2. Open Computer Management: Press Win + X and select "Computer Management," or run compmgmt.msc from the Run dialog.

3. Navigate to Local Users and Groups: Expand "System Tools" → "Local Users and Groups" → "Groups."

4. Open the Administrators group: Double-click "Administrators" to view its members.

5. Remove the user: Select the user you want to remove and click "Remove," then "OK."

Alternative: Using Command Prompt

You can also use the net localgroup command:

net localgroup Administrators username /delete

Replace username with the actual username.

Why this matters

Limiting local administrator access is a fundamental security control. Users with local admin rights can install software, modify system settings, and disable security tools—all of which can facilitate malware persistence and lateral movement. Implementing least privilege reduces your attack surface significantly.