I recently used domain group policy to add specific users to a local security group (local admin)
At first everything appeared fine but then I started to notice that I could no longer remote into machines or check eventvwr as the domain administrator. I could do these things with the user added to the local admin security group via domain group policy. It appears that using GPO to add a specific domain user as a local admin on a workstation over-rode the credentials of a domain administrator. How can this be? Does domain not have priority? I'm sure I can add all domain admins to this group policy but that doesn't seem right.
The policy I edited was: Computer Configuration > Policies > Windows Settings > Security Settings >Restricted Groups
This is in a server 2008 R2 / Win 7 environment (XP machines are out there too)
Thanks,
Mike
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.