AD restricted groups issue
Posted on 2013-12-15
Very strange issue. We use restricted groups to apply several domain users and groups as local administrators to domain laptops. This has been working fine since day 1, and is still working fine for all machines except my laptop.
Following some windows updates on my Win7 laptop the other day, I logged in and now have no permissions to my own C:\ . Strangely though, if I log out then log in as the domain administrator then the restrict groups settings are applied fine.
I've messed about trying with GPUPDATE /FORCE and GPRESULT and the GPO (default domain policy) is being applied under my user account. The default domain policy is our only GPO. But even though it says the user and computer policies are being applied, I'm still stuck with no access to C:\ (no permissions).
I tried a system restore to a few weeks ago when things were working fine, but this had no effect.
Tbh I'm stuck now. I don't understand why this seems limited to my user account only. Out of interest I've just tried logging into a Win8 machine with my user account, when I do I get the correct permissions (local admin).
Any help would be much appreciated.