[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Why Local administrator membership is deleted, when the domain users shut down and restart their PC

Posted on 2014-08-15
Medium Priority
Last Modified: 2014-09-03
We had Windows 2008 Domain controllers and we have virtualised all our servers and our DCs are Windows 2012.

Windows XP PC (300)
Windows 7 (10 PCs)

We started upgrading our PC from windows XP to 7 . I have observed that some of the settings in Windows 7 PCs are not getting applied successfully as applied in XP.
For example;
Restricted user can customise the desktop in XP, but it doesn’t allow in Windows 7.
Restricted user logged in a XP cannot see Remote desktop and command prompt, but they can see the RDP and command prompt under Windows7 accessories.

When I asked my predecessors, they said the GPO was done for XP and because the GPO was done for XP, and this GPO will not get applied properly to windows 7 PC.

If I go to Windows 7 users PC and log in as administrator and add our domain users to a Local administrator group. When the domain users shut down and restart the PC and login the local administrator membership is deleted.
I don’t how this is happening.
But at the same time it doesn’t delete the local administrator membership on windows XP PC, it retains the membership even after it is rebooted and logged in back.

Please suggest how this can be resolved so that the local administrator membership doesn’t get deleted when they shut down the PC and log in back.

Question by:lianne143
LVL 60

Accepted Solution

Cliff Galiher earned 1500 total points
ID: 40262574
All of the things you listed are configurable group policy settings. And just so its clear, the defaults have not changed between XP and win7. So the differences are because of policies being enforced. Group policy inheritance, WMI filtering, and the plethora of settings make it fat too complex to go into in a single EE reply given your existing environment.

Author Comment

ID: 40282360
Thanks for your post.
Actually  we have a program installed on our Windows7 PC. We have a couple of domain users who use this program and when they open this shortcut it asks for administrator password.

If I give a local administrator permission on their Win7 PC to this domain user , and when they open this program, it doesn't prompt for administrator password and successfully opens.

Is there a different  way of sorting this so that it doesn't prompt for a administrator password OR
Can you please post me tutorials  as how to assign local administrator permissions in my network condition.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question