The problem is that GPO doesn't show under Applied GPOs in gpresult on that local machine, and any users in Local Admin AD group don't actually have local admin privileges on those machines after several gpupdates/reboots, relogs. After I performed a gpupdate /force and then viewed the administrators group on one of the local machines on the domain it showed domain\Local Admin which by all appearances means the GPU pushed successfully to that local machine. A user who has an Administrator account type is called. I then created a new GPO and linked at domain root in Group Policy, using restricted groups, to make members of Local Admin part of the Administrators group. This is your main account for logging in to Windows 10, but it is not the actual Administrator. And you are saying you see that change being made correct?ฤก00% sure the user you are testing with actually resides in that new security group you created? I created a new group in active directory on the domain controller called Local Admin and added specific AD users to it, including my test AD account. You are not trying to use a local group correct? You are adding an AD group to the local administrators group on the machine. From my understanding you are trying to add a security group to a local admin group via group policy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |