Solved

Domain User --  Local Admin Group

Posted on 2004-09-13
5
179 Views
Last Modified: 2010-04-14
Hi all,

Recently I have upgraded my windows NT domain to windows 2003 Domain. Everything is fine, and windows98 and windows 95 are giving me expected problems.

But recently I have problem adding domain user into local admin group. I used both GUI method and also Dos command method to add the domain user into my local admin group. Domain users are successfully added to the local admin group, but after over a night ( or maybe earlier.. not sure the timing) all the domain users were removed from local group.

Anyone faced this problem before? any default GPO will force to remove the domain user from local group??
Thanks
0
Comment
Question by:mohai
  • 2
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
Comment Utility
Hello,
Yes Windows has a group policy object called 'restricted groups' you can find it following this path
computer configuration >> security settings >> restricted groups.

By default it should be empty but it is worth taking a look.

Briefly..you could have a policy that says to remove some or all users from a specific group.
I can't imagine how something can accidently show up there, but the symptoms match

HOW TO: Restrict Group Membership By Using Group Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320045
0
 
LVL 5

Expert Comment

by:talphius
Comment Utility
Any GPO objects will only apply to Win2K machines and higher.  For support of NT, ME, and 98 based machines you need to use System Policy settings instead  (these use registry entries instead).  

See also:  MS KB 814598  
http://support.microsoft.com/default.aspx?scid=kb;en-us;814598#5
0
 
LVL 1

Author Comment

by:mohai
Comment Utility
Hi Thanks for the info. I have tried to remove any setting in restrict group membership in my default domain group policy.
However the same problem arise.

Here is the message from my winlongon.log file..

----Configure Group Membership...
      Configure Administrators.
            remove GES-MSL\Domain Admins.
            remove GES-MSL\khfones.

Beside restric group membership, any other setting will cause this to happen??
0
 
LVL 1

Author Comment

by:mohai
Comment Utility
Hi MDigLio,

Thanks for the info..

Actually What you told me was correct and it worked.

I mistakenly remove the setting wrongly in other policy, and that is why it was initially not working.
0
 
LVL 16

Expert Comment

by:mdiglio
Comment Utility
Glad you got it working...thanks for the points
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Marketing can be an uncomfortable undertaking, especially if your material is technology based. Luckily, we’ve compiled some simple and (relatively) painless tips to put an end to your trepidation and start your path to success.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now