Users removed from Local Administrators Group after reboot?

windows-7 user-accounts group-policy

Solution 1:

To confirm/deny group policy affects run rsop.msc or use GPResult on the client, and look to see what they show you about applied group policies.

Possibilities include "Restricted Groups":

This feature enables you - as the administrator - to configure group memberships on the client computers or member servers. You can add user accounts to groups on client machines that are in the scope of the policy

Or perhaps, the "Local Group" Group Policy Preferences:

The initial task of securing the local Administrators group is to ensure that the user no longer has membership in the group. This is easier said than done, since most companies have configured the user’s domain account to have membership in this group at installation of the user’s computer.

...As a perfect solution, you can use the Local Group – Group Policy Preference to accomplish the task within about 90 minutes of you implementing it.

Solution 2:

Configuring revocation settings for a domain.

Domain Admins is the minimum group membership required to complete this procedure.

To configure revocation settings for a domain:

  1. Click Start, point to Administrative Tools, and click Server Manager.
  2. Under Features Summary, click Add Features. Select the Group Policy Management check box, click Next, and then click Install.
  3. After the Installation Results page shows that the installation of the Group Policy Management Console (GPMC) was successful, click Close.
  4. Click Start, point to Administrative Tools, and then click Group Policy Management.
  5. In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy Group Policy object (GPO) that you want to edit.
  6. Right-click the Default Domain Policy GPO, and then click Edit.
  7. In the console tree under Computer Configuration\Windows Settings\Security Settings, click Public Key Policies.
  8. Double-click Certificate Path Validation Settings, and then click the Revocation tab.
  9. Select the Define these policy settings check box, select the policy settings that you want to apply, and then click OK to apply the new settings.

Related

How can I easily mount a Windows share from my Mac?
Returning Count of Values of Column D if Column G has a blank Value
Error message when trying to retrieve a value from a range using VLOOKUP
How to remove keyrings in Ubuntu?
How do I recover the MBR on a Thinkpad t420?
Why String class has copy constructor? [duplicate]
Turning on computer using communication port
How to manually download a streaming video (Firefox)
How to use less power while PC is on 24/7? [closed]
Is there a way to download Android apps to my PC?
How to run software that requires legacy library version?
Huge paged pool probably caused by fltMgr.sys , what to do? [duplicate]