troubleshooting Question
Adding users to local admin group overrides domain admin credentials?
M9J asked on
I recently used domain group policy to add specific users to a local security group (local admin)
At first everything appeared fine but then I started to notice that I could no longer remote into machines or check eventvwr as the domain administrator. I could do these things with the user added to the local admin security group via domain group policy. It appears that using GPO to add a specific domain user as a local admin on a workstation over-rode the credentials of a domain administrator. How can this be? Does domain not have priority? I'm sure I can add all domain admins to this group policy but that doesn't seem right.
The policy I edited was: Computer Configuration > Policies > Windows Settings > Security Settings >Restricted Groups
This is in a server 2008 R2 / Win 7 environment (XP machines are out there too)
Thanks,
Mike
At first everything appeared fine but then I started to notice that I could no longer remote into machines or check eventvwr as the domain administrator. I could do these things with the user added to the local admin security group via domain group policy. It appears that using GPO to add a specific domain user as a local admin on a workstation over-rode the credentials of a domain administrator. How can this be? Does domain not have priority? I'm sure I can add all domain admins to this group policy but that doesn't seem right.
The policy I edited was: Computer Configuration > Policies > Windows Settings > Security Settings >Restricted Groups
This is in a server 2008 R2 / Win 7 environment (XP machines are out there too)
Thanks,
Mike
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.