Solved

Domain user is being dropped out of the local admin group on a WIN2K3 Server after a few hours.

Posted on 2006-07-12
5
326 Views
Last Modified: 2010-05-18
Our development guy has a test server that is on the network, he needs to be in the local admins group to do his debugging. I add him to the local admins group on the machine and the account is missing hours later. The admin group contains other domain accounts, but they all happen to be domain groups. None of these are being dropped. Any ideas?
0
Comment
Question by:AmsurgIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 17091159
That's probably a group policy "Restricted Groups" being applied to this machine. You need to change this policy, or (if possible) add the development guy to one of the groups that has local admin permissions.
0
 

Author Comment

by:AmsurgIS
ID: 17091372
Would this be a local policy?
0
 
LVL 84

Expert Comment

by:oBdA
ID: 17091470
No, that's a domain policy; "Restricted Groups" aren't available as local policies (wouldn't make too much sense).
0
 

Author Comment

by:AmsurgIS
ID: 17091766
True, but I don't see that policy as being in affect.
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 17091950
Open a command window, and run
gpresult /scope computer /v >gpresult.txt
Then open gpresult.txt in notepad and check the "Restricted Groups" section; this is basically the only possibility for accounts to disappear from local groups.

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question