Re: Missing Group for local admin group

From: Roger Abell [MVP] (
Date: 10/22/05

  • Next message: Steven L Umbach: "Re: Missing Group for local admin group"
    Date: Fri, 21 Oct 2005 23:08:34 -0700

    Doh - good addition Steve.
    I am not sure where the blinders came from that kept
    machine startup/shutdown scripts from being mentioned !!


    "Steven L Umbach" <> wrote in message
    >I would suspect that Restricted Groups is being implemented as others have
    >said. Another thing to do is to impellent auditing of account management on
    >those workstations in local [or otherwise appropriate] security policy.
    >Then look in the security log for events that indicate a change in
    >membership of the administrators group which would indicate the user that
    >did it and the time. If the user is system then it is most likely done by
    >Restricted Groups or a startup script. Also try adding the group to the
    >local administrators group, and then run the command secedit/ refreshpolicy
    >machine_policy enforce on that workstation. Check the membership of the
    >administrators group again. If your group was removed then almost certainly
    >it is Group Policy Restricted Groups. You can use the support tool gpresult
    >to see what Group Policies are being applied to the "computer" and one of
    >them would be implementing Restricted Groups. The link below may be helpful
    >as it explains the use of Restricted Groups. --- Steve
    > <> wrote in message
    >> Hi there
    >> This is driving me nuts. I am trying to figure out what is going on.
    >> I have a windows 2000 Active Directory, I have a group on the AD called
    >> SQL. I added the SQL group on to the local admin group on a couple of
    >> workstations (the workstations are on the same domain). The addition of
    >> the group is successful. The next day when i check the local admin
    >> group on the workstations, it is missing.
    >> Please Advice !!!!!
    >> Thanks

  • Next message: Steven L Umbach: "Re: Missing Group for local admin group"