Solved

Domain User --  Local Admin Group

Posted on 2004-09-13
5
182 Views
Last Modified: 2010-04-14
Hi all,

Recently I have upgraded my windows NT domain to windows 2003 Domain. Everything is fine, and windows98 and windows 95 are giving me expected problems.

But recently I have problem adding domain user into local admin group. I used both GUI method and also Dos command method to add the domain user into my local admin group. Domain users are successfully added to the local admin group, but after over a night ( or maybe earlier.. not sure the timing) all the domain users were removed from local group.

Anyone faced this problem before? any default GPO will force to remove the domain user from local group??
Thanks
0
Comment
Question by:mohai
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 12050682
Hello,
Yes Windows has a group policy object called 'restricted groups' you can find it following this path
computer configuration >> security settings >> restricted groups.

By default it should be empty but it is worth taking a look.

Briefly..you could have a policy that says to remove some or all users from a specific group.
I can't imagine how something can accidently show up there, but the symptoms match

HOW TO: Restrict Group Membership By Using Group Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320045
0
 
LVL 5

Expert Comment

by:talphius
ID: 12050737
Any GPO objects will only apply to Win2K machines and higher.  For support of NT, ME, and 98 based machines you need to use System Policy settings instead  (these use registry entries instead).  

See also:  MS KB 814598  
http://support.microsoft.com/default.aspx?scid=kb;en-us;814598#5
0
 
LVL 1

Author Comment

by:mohai
ID: 12060694
Hi Thanks for the info. I have tried to remove any setting in restrict group membership in my default domain group policy.
However the same problem arise.

Here is the message from my winlongon.log file..

----Configure Group Membership...
      Configure Administrators.
            remove GES-MSL\Domain Admins.
            remove GES-MSL\khfones.

Beside restric group membership, any other setting will cause this to happen??
0
 
LVL 1

Author Comment

by:mohai
ID: 12062238
Hi MDigLio,

Thanks for the info..

Actually What you told me was correct and it worked.

I mistakenly remove the setting wrongly in other policy, and that is why it was initially not working.
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 12063551
Glad you got it working...thanks for the points
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We have put together a white paper that aims to explain how MSPs can both improve their offering and ease the pain of after-hours service by: -Suggesting changes to workflow -Indicating how to rework policy to suit your team -Providing ConnectW…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question