Solved

Domain User --  Local Admin Group

Posted on 2004-09-13
5
184 Views
Last Modified: 2010-04-14
Hi all,

Recently I have upgraded my windows NT domain to windows 2003 Domain. Everything is fine, and windows98 and windows 95 are giving me expected problems.

But recently I have problem adding domain user into local admin group. I used both GUI method and also Dos command method to add the domain user into my local admin group. Domain users are successfully added to the local admin group, but after over a night ( or maybe earlier.. not sure the timing) all the domain users were removed from local group.

Anyone faced this problem before? any default GPO will force to remove the domain user from local group??
Thanks
0
Comment
Question by:mohai
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 12050682
Hello,
Yes Windows has a group policy object called 'restricted groups' you can find it following this path
computer configuration >> security settings >> restricted groups.

By default it should be empty but it is worth taking a look.

Briefly..you could have a policy that says to remove some or all users from a specific group.
I can't imagine how something can accidently show up there, but the symptoms match

HOW TO: Restrict Group Membership By Using Group Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320045
0
 
LVL 5

Expert Comment

by:talphius
ID: 12050737
Any GPO objects will only apply to Win2K machines and higher.  For support of NT, ME, and 98 based machines you need to use System Policy settings instead  (these use registry entries instead).  

See also:  MS KB 814598  
http://support.microsoft.com/default.aspx?scid=kb;en-us;814598#5
0
 
LVL 1

Author Comment

by:mohai
ID: 12060694
Hi Thanks for the info. I have tried to remove any setting in restrict group membership in my default domain group policy.
However the same problem arise.

Here is the message from my winlongon.log file..

----Configure Group Membership...
      Configure Administrators.
            remove GES-MSL\Domain Admins.
            remove GES-MSL\khfones.

Beside restric group membership, any other setting will cause this to happen??
0
 
LVL 1

Author Comment

by:mohai
ID: 12062238
Hi MDigLio,

Thanks for the info..

Actually What you told me was correct and it worked.

I mistakenly remove the setting wrongly in other policy, and that is why it was initially not working.
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 12063551
Glad you got it working...thanks for the points
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question