Solved

Local Admin account being removed from XP machines while using restricted groups in Group Policy

Posted on 2008-06-18
5
471 Views
Last Modified: 2010-04-21
I'm using Restricted Groups to XP machines to allow Domain Admins admin rights to all boxes in domain via GP.  However, when this policy is applied, the local admin account is being removed.  This blocks support team from logging in to pc's locally to trouble shoot.  How do I manage the GP so that it doesn't remove the local admin account?
0
Comment
Question by:stvbrx
5 Comments
 
LVL 16

Expert Comment

by:kshays
ID: 21812436
If you follow this link then everything should work without any questions.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

I'm assuming you are probably just missing 1 step is all as it could be confusing when you first try and setup the restricted groups.

0
 
LVL 70

Expert Comment

by:KCTS
ID: 21812444
Make sure you "Merge" and do not "Replace"
0
 

Author Comment

by:stvbrx
ID: 21812467
KCTS,
Meaning that I should have a Loopback in place?
0
 
LVL 41

Accepted Solution

by:
graye earned 500 total points
ID: 21813089
Sorry, that's just how the Restricted Groups feature works.   It completely replaces the contents of the group with whatever you've put in the GPO.   It does not do a "merge", it allways does a "replace".

The easiest way to merely add an account to the local Administrators group would be to use a Startup batch file with the following:

net localgroup /add Administrators [domain\group] > nul 2>nul

BTW:  Domain Admins should  have already been a member of the local Adminstrators group
0
 

Author Closing Comment

by:stvbrx
ID: 31468314
Very disappointed that I can't make this work via GP.  Thanks for all your help!
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now