Re: Missing Group for local admin group

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/22/05

  • Next message: Steven L Umbach: "Re: Missing Group for local admin group"
    Date: Fri, 21 Oct 2005 23:08:34 -0700
    
    

    Doh - good addition Steve.
    I am not sure where the blinders came from that kept
    machine startup/shutdown scripts from being mentioned !!

    Thx,
    Roger

    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    news:eojH$Am1FHA.2348@TK2MSFTNGP15.phx.gbl...
    >I would suspect that Restricted Groups is being implemented as others have
    >said. Another thing to do is to impellent auditing of account management on
    >those workstations in local [or otherwise appropriate] security policy.
    >Then look in the security log for events that indicate a change in
    >membership of the administrators group which would indicate the user that
    >did it and the time. If the user is system then it is most likely done by
    >Restricted Groups or a startup script. Also try adding the group to the
    >local administrators group, and then run the command secedit/ refreshpolicy
    >machine_policy enforce on that workstation. Check the membership of the
    >administrators group again. If your group was removed then almost certainly
    >it is Group Policy Restricted Groups. You can use the support tool gpresult
    >to see what Group Policies are being applied to the "computer" and one of
    >them would be implementing Restricted Groups. The link below may be helpful
    >as it explains the use of Restricted Groups. --- Steve
    >
    > http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
    >
    > <nsunny66@hotmail.com> wrote in message
    > news:1129646075.544150.309900@o13g2000cwo.googlegroups.com...
    >> Hi there
    >> This is driving me nuts. I am trying to figure out what is going on.
    >> I have a windows 2000 Active Directory, I have a group on the AD called
    >> SQL. I added the SQL group on to the local admin group on a couple of
    >> workstations (the workstations are on the same domain). The addition of
    >> the group is successful. The next day when i check the local admin
    >> group on the workstations, it is missing.
    >> Please Advice !!!!!
    >> Thanks
    >>
    >
    >


  • Next message: Steven L Umbach: "Re: Missing Group for local admin group"