Domain Users/Admin lose Local Admin and Remote Desktop permissions
Posted on 2008-06-12
Got a odd one I think. I have a medimum sized network with several windows 2003 server and XP Pro SP2 PCs. 3 DCs, 2 Exchange, 4 Web Servers/Services and several File and SQL servers. Up until yesterday afternoon everything was good. We have several custom apps where domain users need to be in the local admin group to run specific apps. Admins have their own domain admin account and domain user accounts.
We just installed 2 Trigio servers and were informed that we needed to push the remote agent to the DCs to support training next week. We pused as directed by the trainer, ok first mistake pushed to production boxes, but experienced issues. Eventually installed via CD. After a few hours we noticed that individual domain admin accounts could not RDP on to the 3 DCs but could still RDP to other domain servers. This morning backups on 8 servers failed with authentication errors. We created a seperate backupexec account with appropriate permissions to conduct backups. Again it appears that the backupexec account has been removed from the local admin and backup groups on the individual servrs.
We noticed that users who logged off or shutdown there computers were the one who lost local admin right but those who just locked their work station did not. So it appears like a GPO issue. I have checked the restricted groups GPO but it appears fine. Any other ideas?