Find who removed a security group from administrator group

Boopathi S 3,806 Reputation points
2020-09-29T16:21:07.39+00:00

Hi,

A security group is part of the Administrators group on a Windows 10 64-bit domain-joined computer. This group is getting removed when a group policy update happens or during the restart of the computer.

Refer to the event log below:
[screenshot of the event log entry]

How do I find which Group Policy or process removes the administrator access? I generated a GPO report and it did not help. I also tried Procmon, but I do not know how to use it to find what change happened.

How can I find what is causing the account to be removed from the Administrators group? Please help.


1 answer

  1. Anonymous
    2020-09-30T05:26:09.19+00:00

    Hello,

    Thank you so much for posting here.

    According to your description, the security group is getting removed when group policy refreshes or during the restart of the computer. It seems like it is affected by the "Restricted Groups" group policy or the "Local Users and Groups" Group Policy Preferences.

    Restricted Groups allows you to overwrite the existing local group with what you have configured in the Group Policy setting. Restricted Groups can be configured by opening a GPO and navigating to the following location: Computer Configuration/Policies/Windows Settings/Security Settings/Restricted Groups

    If you create a Restricted Group for the Local Administrators group, the GPO will overwrite the existing local group membership and set the membership to whatever has been configured in the GPO. If a user adds himself to the local administrators group, the next time the policy refreshes, the local group membership will reset back to what is defined in the Restricted Group.

    Another option to manage local group membership is to use Group Policy Preferences (GPP). To configure Group Policy Preferences, simply open a GPO and navigate to Preferences, then expand Control Panel Settings. It is under both Computer Configuration and User Configuration.

    When you right-click and create a new policy, you will have the option to add, remove or even modify local group membership. For example:

    [screenshot of the Local Users and Groups preference item dialog]

    So to check this issue, we could run gpresult /h C:\report.html to get the GPO report and then check whether the above two settings are configured.

    For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong

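One way to carry out the check described in the answer above, as an added example that is not part of the thread: it pulls the Security audit events for members removed from the local Administrators group, shows whether each removal happened in the SYSTEM logon session (where Group Policy processing runs) and what the Group Policy client logged around that time, and then searches the gpresult report for the two settings the answer names. Assumes "Audit Security Group Management" is enabled so that event 4733 is recorded, that the script runs elevated, and that the SYSTEM-session heuristic and the report text patterns are reasonable approximations (both are assumptions, not documented Microsoft behaviour).

```powershell
# Added example, not from the thread. Requires an elevated PowerShell session on the affected computer.
param(
    [string]$GroupName     = 'Administrators',
    [int]   $WindowSeconds = 120,
    [int]   $MaxEvents     = 50
)

# Event 4733: "A member was removed from a security-enabled local group".
$removals = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4733 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Group     = $d['TargetUserName']
            MemberSid = $d['MemberSid']
            Actor     = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
            LogonId   = if ($d['SubjectLogonId']) { [int64]$d['SubjectLogonId'] } else { 0L }
        }
    } | Where-Object { $_.Group -eq $GroupName }

foreach ($r in $removals) {
    # 4733 often records only the SID for a domain group, so resolve it to a name where possible.
    try   { $member = (New-Object System.Security.Principal.SecurityIdentifier($r.MemberSid)).Translate([System.Security.Principal.NTAccount]).Value }
    catch { $member = $r.MemberSid }
    "`n[{0}] {1} removed from {2} by {3} (logon 0x{4:x})" -f $r.Time, $member, $r.Group, $r.Actor, $r.LogonId

    # Assumption: logon 0x3e7 is the SYSTEM session; the Group Policy client applies Restricted Groups
    # and GPP Local Users and Groups from there, so this points at policy rather than an interactive user.
    if ($r.LogonId -eq 0x3e7) { "  Actor is the SYSTEM session: consistent with Group Policy processing." }

    # Group Policy client events in the same time window show whether a policy refresh was in progress.
    $gp = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-GroupPolicy/Operational'
        StartTime = $r.Time.AddSeconds(-$WindowSeconds)
        EndTime   = $r.Time.AddSeconds($WindowSeconds)
    } -ErrorAction SilentlyContinue
    foreach ($e in $gp) { "  GP {0:HH:mm:ss} id={1} {2}" -f $e.TimeCreated, $e.Id, ($e.Message -split "`n")[0] }
}

# Generate the computer-scope RSoP report and look for the two settings the answer names.
# Assumption: the HTML report contains these headings as plain text when the settings are configured.
$report = Join-Path $env:TEMP 'rsop.html'
gpresult /scope computer /h $report /f | Out-Null
Select-String -Path $report -Pattern 'Restricted Groups|Local Users and Groups' | Select-Object -First 10
```

Run it after a removal has occurred; a 4733 event from the SYSTEM session followed by Group Policy operational events, plus a hit in the report, identifies the responsible policy type, and the report section then names the GPO.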
