Solved

Universal Security Group continues to add the Administrators group even when removed

Posted on 2009-07-10
Last Modified: 2013-12-12
!!THIS IS FOR SBS 2008!!

This one makes no sense to me and I've been working for days to figure it out. I have created a Universal Security Group for 2 separate OUs... These Security Groups have all of the users in the specified OU and there is a script that runs hourly to add all users in a specific OU to a specific security group.

Now, my problem is this... I go into the "Members Of" tab and I see Administrators, Windows SBS Web Workplace Users, Windows SBS SharePoint_MembersGroup, and Windows SBS Virtual Private Network users.

I of course don't want these members to be part of the Administrators group but after I remove it, at some point (seems like a day or two later) it puts the Administrators group back in there.

I've verified that it is not my script that's doing this (please let me know if you want the VBS code) and the only other thing I have going on involving these groups is within Group Policy.

I've set this group in Group Policy to automatically become part of the Local Administrators Group on PCs so when these users log in to their machines they are local admins (easier than doing it on a user by user basis). I've set this option in GPO under "Computer Configuration --> Windows Settings --> Security Settings --> Restricted Groups"

Now I know it seems obvious that this might be the problem because it says "Administrators" but it should only be adding them to the local administrators group on their machines, not on the server. I know for a fact it is automatically adding these groups to the local computers.

Anyhow, any help is appreciated. I've attached a screen shot of my GPO as I *think* it might be the culprit but if that is the case, what is my workaround to get these groups added automatically to the user machines.

Very Frustrated,

amd599
GPO.GIF
Question by:amd599

Author Comment

by:amd599
ID: 24821375
**************************UPDATED COMMENT************************

The only problem I see in testing this is how long it takes for the Administrators group to get added back to my security group so I need a sure way of testing this in a quick manner. Even if I reboot it doesn't get added back so it's on some type of schedule I believe.

Author Comment

by:amd599
ID: 24821658
**************************UPDATED COMMENT************************

OK! Man, I keep seeming to come closer to solving these things directly after posting even when no one has responded.

I did a gpupdate /force on the server and it is in fact the group policy on the computer that is adding the Administrators group back to the Security Group I've created. It appears that it's the local policy not the ones I've set up for my users so I'm not sure where I would change that?

Please advise.

Accepted Solution

by:
amd599 earned 0 total points
ID: 24824215
I've sorted it out, had to do with security filters in GPO
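An added example, not part of the original thread: a Restricted Groups "member of" entry is applied by every computer the GPO reaches, and on a domain controller (an SBS server is one) the built-in Administrators group, well-known SID S-1-5-32-544, is the domain's Administrators group. The sketch below reads the `[Group Membership]` section of a GPO's `GptTmpl.inf` and lists which groups the policy places in Administrators; the SIDs, the sample file content and the function names are constructed for illustration.

```python
import re

# Ways the built-in Administrators group can be written in GptTmpl.inf
ADMIN_IDS = {"*s-1-5-32-544", "administrators", "builtin\\administrators"}

# Constructed sample; a real file sits under the GPO's SYSVOL folder at
# Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf (usually saved as UTF-16).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-21-1111111111-2222222222-3333333333-1105__Memberof = *S-1-5-32-544
*S-1-5-21-1111111111-2222222222-3333333333-1105__Members =
*S-1-5-32-555__Members = *S-1-5-21-1111111111-2222222222-3333333333-1106
[Version]
signature="$CHICAGO$"
"""

def restricted_groups(inf_text):
    """Return {(group, 'memberof'|'members'): [values]} from [Group Membership]."""
    entries, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        m = re.match(r"(.+?)__(memberof|members)\s*=\s*(.*)$", line, re.I)
        if in_section and m:
            values = [v.strip() for v in m.group(3).split(",") if v.strip()]
            entries[(m.group(1).strip(), m.group(2).lower())] = values
    return entries

def added_to_administrators(inf_text):
    """Groups this policy puts into Administrators on every machine it applies to."""
    hits = set()
    for (group, kind), values in restricted_groups(inf_text).items():
        if kind == "memberof" and any(v.lower() in ADMIN_IDS for v in values):
            hits.add(group)          # "This group is a member of: Administrators"
        if kind == "members" and group.lower() in ADMIN_IDS:
            hits.update(values)      # "Members of this group" set on Administrators
    return sorted(hits)

if __name__ == "__main__":
    for g in added_to_administrators(SAMPLE_INF):
        print("placed in Administrators wherever this GPO applies:", g)
```

Any group the script reports ends up in the domain Administrators group if the GPO's link and security filtering let the policy apply to a domain controller.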

Question has a verified solution.