"Restricted Groups" Local Admins Changes Users’ Desktops

Home Forums Microsoft Networking and Management Services GPO "Restricted Groups" Local Admins Changes Users’ Desktops

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    Robert R.
    Member
    #154385

    Last week, I got a request to add the group “PC Techs” to the local administrator groups for all the users on the specific department in a remote office.

    The remote office, “5th Floor,” has it’s own OU in Active Directory, with a child OU called “Comptuers”

    5th Floor
    |-Computers

    In the Computers OU, I created a GPO with the following setting

    Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Restricted Groups
    Group: BUILTINAdministrators
    Members: ADXSYSTLDPC Techs

    I am aware that this setting replaces all the local admins configured on each PC.

    However, I was not expecting the following message from one of the PC Techs in that office:

    Ok, I’ve gotten all sorts of complaints this AM on the 5th Floor. Gnarly armed by a 4’8” wisp of a woman wanting to know what happened to her IE favorites. Lots of complaints about DESKTOP icons going blank. By that I mean when you look at properties of a desktop shortcut, there’s no info there. Don’t know what’s caused this, but I’ll be working the problem till we get it figured out. Right now, it’s causing massive grief because nobody can remember file locations on the network drives/shares. Sigh, we’ll get it figured out. Call me on my cell if needed as I won’t be at my desk much until this is resolved.

    and

    I don’t know what happened, but MSFT decided to blow almost everyone out of the local admin group. We needed to hit all the machines on the 5th floor and read the following: domain admins; admin and the domain account for the local user. I THINK, but am not sure, but did Robert add admin to the local admin group for the Office ’07 roll out? If so, then MSFT just got plain weird. Don’t know why it happened, but everybody is back up and working.
    As usual, if you’ve got questions, I might have answers.

    These are the e-mails I got, so you know exactly what I know about the reported symptoms.

    After I removed the GPO, several test users rebooted their machines, and everything was back to normal.

    As you can guess, these users are local administrators on their PCs, so the GPO change would have removed them from that group. However, why would the users be reporting that their desktop icons, shortcuts, and network drive mappings stopped working?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.