Solved

Local Admin account being removed from XP machines while using restricted groups in Group Policy

Posted on 2008-06-18
5
484 Views
Last Modified: 2010-04-21
I'm using Restricted Groups to XP machines to allow Domain Admins admin rights to all boxes in domain via GP.  However, when this policy is applied, the local admin account is being removed.  This blocks support team from logging in to pc's locally to trouble shoot.  How do I manage the GP so that it doesn't remove the local admin account?
0
Comment
Question by:stvbrx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 16

Expert Comment

by:kshays
ID: 21812436
If you follow this link then everything should work without any questions.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

I'm assuming you are probably just missing 1 step is all as it could be confusing when you first try and setup the restricted groups.

0
 
LVL 70

Expert Comment

by:KCTS
ID: 21812444
Make sure you "Merge" and do not "Replace"
0
 

Author Comment

by:stvbrx
ID: 21812467
KCTS,
Meaning that I should have a Loopback in place?
0
 
LVL 41

Accepted Solution

by:
graye earned 500 total points
ID: 21813089
Sorry, that's just how the Restricted Groups feature works.   It completely replaces the contents of the group with whatever you've put in the GPO.   It does not do a "merge", it allways does a "replace".

The easiest way to merely add an account to the local Administrators group would be to use a Startup batch file with the following:

net localgroup /add Administrators [domain\group] > nul 2>nul

BTW:  Domain Admins should  have already been a member of the local Adminstrators group
0
 

Author Closing Comment

by:stvbrx
ID: 31468314
Very disappointed that I can't make this work via GP.  Thanks for all your help!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question