Solved

Domain User --  Local Admin Group

Posted on 2004-09-13
5
181 Views
Last Modified: 2010-04-14
Hi all,

Recently I have upgraded my windows NT domain to windows 2003 Domain. Everything is fine, and windows98 and windows 95 are giving me expected problems.

But recently I have problem adding domain user into local admin group. I used both GUI method and also Dos command method to add the domain user into my local admin group. Domain users are successfully added to the local admin group, but after over a night ( or maybe earlier.. not sure the timing) all the domain users were removed from local group.

Anyone faced this problem before? any default GPO will force to remove the domain user from local group??
Thanks
0
Comment
Question by:mohai
  • 2
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 12050682
Hello,
Yes Windows has a group policy object called 'restricted groups' you can find it following this path
computer configuration >> security settings >> restricted groups.

By default it should be empty but it is worth taking a look.

Briefly..you could have a policy that says to remove some or all users from a specific group.
I can't imagine how something can accidently show up there, but the symptoms match

HOW TO: Restrict Group Membership By Using Group Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320045
0
 
LVL 5

Expert Comment

by:talphius
ID: 12050737
Any GPO objects will only apply to Win2K machines and higher.  For support of NT, ME, and 98 based machines you need to use System Policy settings instead  (these use registry entries instead).  

See also:  MS KB 814598  
http://support.microsoft.com/default.aspx?scid=kb;en-us;814598#5
0
 
LVL 1

Author Comment

by:mohai
ID: 12060694
Hi Thanks for the info. I have tried to remove any setting in restrict group membership in my default domain group policy.
However the same problem arise.

Here is the message from my winlongon.log file..

----Configure Group Membership...
      Configure Administrators.
            remove GES-MSL\Domain Admins.
            remove GES-MSL\khfones.

Beside restric group membership, any other setting will cause this to happen??
0
 
LVL 1

Author Comment

by:mohai
ID: 12062238
Hi MDigLio,

Thanks for the info..

Actually What you told me was correct and it worked.

I mistakenly remove the setting wrongly in other policy, and that is why it was initially not working.
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 12063551
Glad you got it working...thanks for the points
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
An article on effective troubleshooting
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now