I am assisting a vendor in installing software on one of our servers. The software requires that the user be a member of the local Administrators group to install. This is fairly standard.
As a policy, we do not add users directly to the local Admins group. They need to be added to a domain users group and then that group can be added to the servers local admin group.
We created a domain users group for the vendors from this company. Added the users accounts to this group and then added the group to the local administrators group on the server.
The software would not install and the vendor stated that the reason was that the users needed to be added directly to the Administrators group. I tried that an it worked.
I am not looking for a solution on how to install the software, rather I am looking for an explanation as to why there would be a difference in adding a domain user account to a local group, vs adding a group they are a member of.