Following the instructions here: https://richardstk.com/2013/11/26/adding-domain-users-to-the-local-administrators-group-using-group-policy/ I'm trying to add DOMAIN\Domain Users to the Administrators group on workstations that are joined to the domain. The Group Name for the Restricted Group is DOMAIN\Domain Users. I've set this groujp as a member of Administrators. Upon completion of the instructions and running gpupdate /force, nothing has changed. The domain groups in the local Administrators group remain but Domain Users hasn't been added. Even tried rebooting a workstation that should get the new group added to the local Administrators group. I can add the domain group to each workstation manually. What do I need to do to fix this issue?
Please note that I couldn't find this bug because I was clicking on the My Requests link instead of My Bugs. Because of that error I submitted bug #13732 that contains the resolution. Maybe the maintainers of Bugzilla can combine the two bug reports into one.
My apologies. I confused this bug with a different one. I set the status back to REOPENED, as this issue is not yet resolved.
Closing this as worksforme, not that I have tried adding Domain Users to Administrators, who really would want every domain user to be an administrator ? I can add groups to Administrators and they work, users who are members of a group added become an administrator.
I don't recall the exact reason why it was desirable to have the Domain Users group be part of the local administrators on the workstations. I believe a client of mine wanted it that way. I know my domain is not configured that way. Thanks for looking into the situation.
Could the issue here be primary vs secondary groups? We had strange issues with primary groups on MIT Kerberos based AD DC installs a while back that we never got to the bottom of. Even if not administrators, it should be possible to add a primary group to a local alias.