Windows Server TechCenter >

Windows Server Forums >

Systems adds automatically a AD security group to a local security group

Systems adds automatically a AD security group to a local security group

Wednesday, January 30, 2013 1:50 PM

0
Our fileserver (2008 R2 Standard) is member of the domain. On regular basis a AD security group is added to the local security group "Administrators". This is logged in de Eventlog. This looks like this (it's in Dutch)

Er is een lid toegevoegd aan een lokale groep met beveiliging.

Onderwerp:

                Beveiligings-id:                    SYSTEM

                Accountnaam:                     Servername$

                Accountdomein:                  OurDomain

                Aanmeldings-id:                  0x3e7

Lid:

                Beveiligings-id:                    OurDomain\SecurityGroup

                Accountnaam:                     -

Groep:

                Beveiligings-id:                    INGEBOUWD\Administrators

                Naam van groep:                 Administrators

                Domein van groep:                             Builtin

Does anybody knows how to solve this???
- Moved by Cheers ZHANGMicrosoft Contingent Staff, Moderator Thursday, January 31, 2013 1:51 AM
- Reply
- Quote

All Replies

Wednesday, January 30, 2013 2:07 PM

0
This is undoubtedly the Restricted Groups feature of a Group Policy. This feature is used to enforce membership in local groups, especially the local Administrators group. See these links:

http://technet.microsoft.com/en-us/library/cc756802(v=WS.10).aspx

http://support.microsoft.com/kb/279301?wa=wsignin1.0

http://technet.microsoft.com/en-us/library/cc785631(WS.10).aspx

Richard Mueller - MVP Directory Services
- Proposed As Answer by Cicely FengMicrosoft Contingent Staff, Moderator Friday, February 01, 2013 4:09 AM
- Marked As Answer by Cicely FengMicrosoft Contingent Staff, Moderator Monday, February 04, 2013 1:53 AM
- Reply
- Quote
Thursday, January 31, 2013 8:50 PM

0
Am 30.01.2013 15:07, schrieb Richard Mueller [MVP]:

>

> This is undoubtedly the Restricted Groups feature of a Group Policy.

>

In these modern days, it "may" be the GPP "Local users and groups"

feature, too :-)

SCNR

NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
- Marked As Answer by Cicely FengMicrosoft Contingent Staff, Moderator Monday, February 04, 2013 1:53 AM
- Reply
- Quote
Monday, February 04, 2013 9:38 AM

0

GPO was the problem. Mistake of a junior-junior-systemadministrator!!!!

Many thanks
- Reply
- Quote

Frequently asked questions - Forums help