Windows 10 Domain User is automatically made a local administrator

0

2

We have a Windows 2012 AD domain.

We have added some new Windows 10 Pro systems to our domain and are having an issue where when a domain user (non-admin) logs into the machine, they are automatically made a local administrator. Their account does not show up in the local Administrators group nor is there a place where we can see the user when logged in as an admin to be able to change them to a standard user.

The machines have been joined to the domain while logged in as a local admin and using the credentials of a domain admin. The first time the credentials of the domain user are used is when their account logs in for the first time after the machine was already a member of the domain.

Any ideas?

This is what it looks like when you go to settings while logged in as the user (last name and domain blacked out):

[Image: screenshot of Settings while logged in as the user]

rubendn

Posted 2017-10-02T14:37:57.713

Reputation: 574

Are there other domain groups that are members of local admins? Is the user a member of one of those domain groups? – Clayton – 2017-10-02T14:49:41.890

The Local administrators group only contains 3 local accounts and the Domain Admins AD group, of which the domain user is not a member. – rubendn – 2017-10-03T14:11:21.120

Answers

1

Found out what the problem was.

We have a Remote Desktop Users Group that was (yikes!) added to the Domain Admins group and this caused the user to have admin rights on the machine. Luckily it was for only a short period of time and no damage was done.

rubendn

Posted 2017-10-02T14:37:57.713

Reputation: 574

Good thing to audit, and it's a good idea to audit that whole group. – Christopher Hostage – 2017-10-03T20:35:57.000
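One way to run the audit suggested above, as an added example that is not part of the original posts: it expands every domain group in a workstation's local Administrators group and prints the nesting chain that grants each account admin rights. It assumes the RSAT ActiveDirectory module is installed and that it is run on the affected machine by an account that can read AD; the function name `Get-NestedMemberPath` is hypothetical.

```powershell
# Added example (not from the original thread).
# Assumes: RSAT ActiveDirectory module, run on the affected workstation.
Import-Module ActiveDirectory

function Get-NestedMemberPath {
    # Hypothetical helper: walks a domain group and reports each non-group
    # member together with the chain of groups it was reached through.
    param(
        [Parameter(Mandatory)] [string] $Group,   # SID, DN or sAMAccountName
        [string[]] $Path = @()                    # groups already on this chain
    )
    $adGroup = Get-ADGroup -Identity $Group

    # Stop on circular nesting (A contains B, B contains A).
    if ($Path -contains $adGroup.SamAccountName) { return }
    $chain = $Path + $adGroup.SamAccountName

    foreach ($member in Get-ADGroupMember -Identity $adGroup) {
        if ($member.objectClass -eq 'group') {
            # Nested group: descend and keep extending the chain.
            Get-NestedMemberPath -Group $member.distinguishedName -Path $chain
        }
        else {
            [pscustomobject]@{
                Account = $member.SamAccountName
                Type    = $member.objectClass
                Via     = $chain -join ' > '      # outermost group first
            }
        }
    }
}

# Domain groups that sit directly in the local Administrators group.
$domainGroups = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.ObjectClass -eq 'Group' -and
                   $_.PrincipalSource -eq 'ActiveDirectory' }

# Expand each one. Any account whose Via column has more than one group
# got its rights through nesting and will not appear in the local group list.
$domainGroups |
    ForEach-Object { Get-NestedMemberPath -Group $_.SID.Value } |
    Sort-Object Via, Account |
    Format-Table -AutoSize
```

In the situation described in the answer, the affected user would be listed with a `Via` chain that starts at Domain Admins and continues through the nested group, which is why the account never showed up in the local Administrators group itself.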