We help IT Professionals succeed at work.
Get Started

Restricted Group not working

Last Modified: 2010-03-05
I created a group policy to apply Restricted Groups to the local Administrators group on workstations.  My understanding is that once the policy is in place, the local Administrators group will always reset itself to the restricted group membership after a reboot.  My tests prove otherwise.  

Once the worksations reboot, the policy applies and sets the group membership according to the policy which establishes the following members:  administrator, domain\domain admins, domain\techgroup, and domain\anotherGroup.  I log on to the pc as a member of the domain\techgroup and see that the new groups were added correctly.  I remove one of the groups, reboot the workstation, and expect to see that the Administrators group reset back to the original four.  It doesn't.

Another test was to add an individual user account to the local Administrator's group.  It remains after the reboot.  GPResult shows the policy is being read and applied, and RSoP on an XP box shows the policy is a "Winning GPO."  What am I doing wrong?
Watch Question
Top Expert 2013
This problem has been solved!
Unlock 1 Answer and 15 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE