In the local security policy, enable auditing for account management.
Then check the security eventlog for event id 4733. That will tell you when and who removed the account. You will then need to investigate why that happened.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello!
Weird problem: when I add some domain user to the local Administrators group on Windows 10 PRO workstation he/she can be the member of this group for ~1-2 days and then their user accounts gets removed from the Administrators group. It's not the problem of gpo as I've tested it in the test domain without any gpos applied (except the default ones).
???
Thank you in advance,
Michael
In the local security policy, enable auditing for account management.
Then check the security eventlog for event id 4733. That will tell you when and who removed the account. You will then need to investigate why that happened.
MotoX80, thank you - I'll do it.
One of my users is having the same issue. I see where Security ID: System is removing the user from the local admin group. This seems to occur after windows updates. It's happened several time in the last month.
Now that I see where its happening, how can I prevent this in the future? I don't understand what's causing this to happen.
Hellp all,
I must apologise for not posting back the results of the testing performed: in my case it was the policy that defines the membership of local administrators group.
Regards,
Michael