GPO's only work if user is member of local administrators group on Win2k workstations
Posted on 2004-11-23
I have 2 Windows 2000 Servers, and a whole slew of Win2k workstations. Currently, all users are members of their pc's Administrators group, but not the Domain Admins group. We tried to tighten security down and started by removing users from the local admins group. When I did, all of my GPOs defined in AD Users and Groups stopped working, including scripts and restrictions (screensaver forced to lock, etc). If I add users back to the local admins, things work great.