Solved

Local Admin Group Errors

Posted on 2011-03-02
9
342 Views
Last Modified: 2012-05-11
We have a server where we require a generic domain user to have access to the local admin group. The issue that we are expereincing is when we restart the server this user disappears and we have to go and re add this user or like today this disppeared without the server restart. and we had to go and re add, can anyone possibly shed some light on what this issue could be?
0
Comment
Question by:Mr_Wormald
  • 5
  • 2
  • 2
9 Comments
 
LVL 1

Expert Comment

by:klittlejohn1
ID: 35023799
How is the server setup like is it a physical or VM?  When you say disappear, can you give a little more detail on that?  It seems odd that an account would just disappear without someone removing it.

One thing you can do is create a group policy to add that user account to the local admins group and apply it to that server.  We do that now and it works great.  
0
 
LVL 17

Assisted Solution

by:OriNetworks
OriNetworks earned 250 total points
ID: 35023807
There may be a policy enforcing user membership. See what group policies are applied to that server using the gpresult command from a command prompt.
0
 

Accepted Solution

by:
Mr_Wormald earned 0 total points
ID: 35024054
klittlejohn1 there isnt much more information I can give other than it disappears. it is a physical machine not that I think that is any read pointer to the situation.....
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 1

Assisted Solution

by:klittlejohn1
klittlejohn1 earned 250 total points
ID: 35026765
I would check to see if any GPs are being applied and start from there.  If not, try creating a GP making that user local admin and see if that works.
0
 

Author Comment

by:Mr_Wormald
ID: 35053653
What is the best way to create a GP making this occur, I looked through the local GP and couldnt find a policy that allowed me to set users to be apart of a certain group.

Thanks
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 35058655
Like I said, I would check to make sure an existing GPO isnt already applied enforcing this at the network level.

gpresult /R would help you see what existing policies are applied. You could also try using the Group Policy Management Console which has a good summary of only settings that are applied in that policy.
0
 

Author Comment

by:Mr_Wormald
ID: 35062430
I will check this, but this wouldnt explain the user disappearing multiple times durning a day, without any server restarts ...... or would it?
0
 

Author Comment

by:Mr_Wormald
ID: 35062585
Attached are the gpresults and also the Domain Policy that gets applied, the user that we need to stay is CHOICEHOMES\GFI which I can see is under the "Log on as a batch job" heading. Where would we add this user to have this user stay as the local admin. Default-Domain-Controllers-Polic.htm gpresult (cmd)
0
 

Author Closing Comment

by:Mr_Wormald
ID: 35115468
After further investigation I did find that there was a GPO setting the accounts in BUILTIN\Administrators, I have now created my own GPO to include those in the original list and then the ones that keep disappearing. Thanks for your help :)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question