troubleshooting Question

Adding users to local admin group overrides domain admin credentials?

Avatar of M9J
M9J asked on
Active DirectoryWindows Server 2008
5 Comments1 Solution2650 ViewsLast Modified:
I recently used domain group policy to add specific users to a local security group (local admin)

At first everything appeared fine but then I started to notice that I could no longer remote into machines or check eventvwr as the domain administrator.  I could do these things with the user added to the local admin security group via domain group policy.  It appears that using GPO to add a specific domain user as a local admin on a workstation over-rode the credentials of a domain administrator.  How can this be?  Does domain not have priority? I'm sure I can add all domain admins to this group policy but that doesn't seem right.

The policy I edited was: Computer Configuration > Policies > Windows Settings > Security Settings >Restricted Groups

This is in a server 2008 R2 / Win 7 environment (XP machines are out there too)

Thanks,

Mike
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 5 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros