troubleshooting Question
Adding users to local admin group overrides domain admin credentials?
M9J asked on
I recently used domain group policy to add specific users to a local security group (local admin)
At first everything appeared fine but then I started to notice that I could no longer remote into machines or check eventvwr as the domain administrator. I could do these things with the user added to the local admin security group via domain group policy. It appears that using GPO to add a specific domain user as a local admin on a workstation over-rode the credentials of a domain administrator. How can this be? Does domain not have priority? I'm sure I can add all domain admins to this group policy but that doesn't seem right.
The policy I edited was: Computer Configuration > Policies > Windows Settings > Security Settings >Restricted Groups
This is in a server 2008 R2 / Win 7 environment (XP machines are out there too)
Thanks,
Mike
At first everything appeared fine but then I started to notice that I could no longer remote into machines or check eventvwr as the domain administrator. I could do these things with the user added to the local admin security group via domain group policy. It appears that using GPO to add a specific domain user as a local admin on a workstation over-rode the credentials of a domain administrator. How can this be? Does domain not have priority? I'm sure I can add all domain admins to this group policy but that doesn't seem right.
The policy I edited was: Computer Configuration > Policies > Windows Settings > Security Settings >Restricted Groups
This is in a server 2008 R2 / Win 7 environment (XP machines are out there too)
Thanks,
Mike
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 5 Comments.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.