Are the access tokens up to date? If these are new groups, or the group members have been added without logging in afterward, might this be the issue?
Just a thought. On Wed, Oct 14, 2009 at 3:09 PM, Tom Miller <[email protected]> wrote: > The group is a global security group. All workstations are XP. It does get > added, but we don't see users having the elevated perms. > >>>> Jonathan Link <[email protected]> 10/14/2009 3:02 PM >>> > I do this without any problems, but my environment is all Windows XP. Could > this be a Vista UAC issue? > > On Wed, Oct 14, 2009 at 2:55 PM, Tom Miller <[email protected]> wrote: >> >> Hi Folks, >> I have a GPO that adds an AD group to each Administrators local group on >> each local workstation. There are some users here that need to be admins, >> and this seems like a good work-around. Unfortunately this does not seem to >> work. The AD group gets added to the local administrators group, but members >> of the AD group still are not admins (cannot perform admin tasks), I'm >> guessing since they are not actually enumerated within the local >> administrators group? >> If I modify the GPO to add the AD user accounts to the local >> administrators group, they have the perms as needed. I didn't want to do >> this, since this advertises who has and who does not have permissions. >> Suggestions? >> Tom Miller >> Engineer, Information Technology >> Hampton-Newport News Community Services Board >> 757-788-0528 >> >> Confidentiality Notice: This e-mail message, including attachments, is for >> the sole use of the intended recipient(s) and may contain confidential and >> privileged information. Any unauthorized review, use, disclosure, or >> distribution is prohibited. If you are not the intended recipient, please >> contact the sender by reply e-mail and destroy all copies of the original >> message. >> >> > > > > > > Confidentiality Notice: This e-mail message, including attachments, is for > the sole use of the intended recipient(s) and may contain confidential and > privileged information. Any unauthorized review, use, disclosure, or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
