Group policy doing something strange to local administrators group
We have a group policy in one office that modified the local administrators group. That was fine and worked well until some machines needed to have different/unique local administrators. So we put in a filter/exception that prevented this group policy applying to machines in a particular group.
If we run GPRESULT we can see that this policy is now filtered on these machines and yet this is the strange bit.
We now modify local administrators on these PCs that need to have unique local administrators and yet every now and again the 'local adminstrators' group gets blown away. It's as though the group policy system knows that we've filtered this policy that used to be applied but rather than reverting the local adminstrators back to the pre-gpo settings just the once it's happening every few days.
Are we misunderstanding the way GPOs work. When you filter a machine from a GPO will it keep on reverting that PCs settings back to how they were before the GPO was run - How do we break the association between machine and GPO?