0

It is my understanding that in a Windows domain, the Domain Admins group is automatically added to the local Administrators group for all domain members. I need to add another domain account to the local administrators group for some systems using Restricted Groups in Group Policy.

My question is: If I add a domain account to local Administrators using Restricted Groups, will it remove Domain Admins? What other domain groups are added to local Administrators by default and will they get removed as well?

SchrodingersDog
  • 1
  • `If I add a domain account to local Administrators using Restricted Groups, will it remove Domain Admins?` It will if the GPO does not specify Domain Admins as a member. `What other domain groups are added to local Administrators by default and will they get removed as well?` If you don't know the current group memberships, you shouldn't implement a Restricted Groups GPO. A Group Policy Preference group member may be a better fit. – Greg Askew Mar 02 '21 at 18:13
  • Don't use Restricted Groups. Use Group Policy Preferences to manage group membership. – joeqwerty Mar 02 '21 at 18:14

0 Answers0