Re: Missing Group for local admin group
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: Fri, 21 Oct 2005 23:08:34 -0700
Doh - good addition Steve.
I am not sure where the blinders came from that kept
machine startup/shutdown scripts from being mentioned !!
"Steven L Umbach" <email@example.com> wrote in message
>I would suspect that Restricted Groups is being implemented as others have
>said. Another thing to do is to impellent auditing of account management on
>those workstations in local [or otherwise appropriate] security policy.
>Then look in the security log for events that indicate a change in
>membership of the administrators group which would indicate the user that
>did it and the time. If the user is system then it is most likely done by
>Restricted Groups or a startup script. Also try adding the group to the
>local administrators group, and then run the command secedit/ refreshpolicy
>machine_policy enforce on that workstation. Check the membership of the
>administrators group again. If your group was removed then almost certainly
>it is Group Policy Restricted Groups. You can use the support tool gpresult
>to see what Group Policies are being applied to the "computer" and one of
>them would be implementing Restricted Groups. The link below may be helpful
>as it explains the use of Restricted Groups. --- Steve
> <firstname.lastname@example.org> wrote in message
>> Hi there
>> This is driving me nuts. I am trying to figure out what is going on.
>> I have a windows 2000 Active Directory, I have a group on the AD called
>> SQL. I added the SQL group on to the local admin group on a couple of
>> workstations (the workstations are on the same domain). The addition of
>> the group is successful. The next day when i check the local admin
>> group on the workstations, it is missing.
>> Please Advice !!!!!