I have the following situation:
I created a group named localadmins in which I put username “drupsa”.
I created a GPO for computers and I set up Restricted Groups. I defined in Restricted Groups the group “Administrators” in which I put “Administrator”, “MYDOMAIN\Domain Admins” and “MYDOMAIN\localadmins”. Then I applied this GPO to an OU with computers.
I can see that the policy is successfully applied, i.e. if I go to Manage -> Local users and groups -> Groups -> Administrators I can see this: “Administrator”, “MYDOMAIN\Domain Admins” and “MYDOMAIN\localadmins”.
However, when I log in with the user “drupsa” on the workstation, this user does not have local admin rights, even if it is a member of MYDOMAIN\localadmins.
If I manually add “MYDOMAIN\localadmins” to the local Administrators group on the workstation, user “drupsa” has administrative rights.
I don’t understand why this is working when I manually add “MYDOMAIN\localadmins” but it’s not working when it is done via GPO.