none
gpo to modify local administrator group

    Question

  • I created the gpo to modify local administrator group by going to the Computer Configuration > Preferences > Control Panel Settings > Local User and Groups option. I added the members I want and did check "delete all member users". I enforced the policy at the test OU. But when I logged in to the test machine to verify, the policy got push down as I could tell from gpresult but when I opened the local users and groups from the machine, I still see nt authorty/interactive in the administrator group and the members I specified are not in the local administrator group. check the event viewer which also tells policies applied successfully.

    What could go wrong? Any advice on where I can look into will be greatly appreciated!!!

    Friday, July 13, 2018 3:02 PM

All replies

  • Hello,

    Did you check that you don't have another GPO inherited which configure restricted groups ?

    Best Regards,

    Friday, July 13, 2018 4:04 PM