![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETE%3C/text%3E%3C/svg%3E)
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
12,075 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello,
Thank you for your question and for reaching out with your question today.
It seems like you are facing issues with installing applications and performing administrative tasks from a user account that previously had elevated privileges. The changes you made to delegation of control and group policies might indeed be the cause of the problem. Here's a step-by-step approach to troubleshoot and resolve the issue:
**1. Review Delegation of Control Changes:**
- Since you made changes to the delegation of control, carefully review the changes you made and make sure you didn't inadvertently remove necessary permissions.
**2. Verify Group Policy Settings:**
- Open the Group Policy Management Console (GPMC).
- Navigate to the GPO that is responsible for creating the restricted group (the one that includes the infotech account).
- Confirm that the GPO is applying correctly to the relevant OU containing the computers.
- Double-check the settings within the restricted group policy to ensure that the infotech account is correctly specified.
**3. Check Group Membership:**
- Confirm that the user account you're using is still a member of the appropriate groups, like the local "Administrators" group on the computers.
- Check whether the user account is still part of any group that grants administrative privileges.
**4. Group Policy Update:**
- Sometimes, a simple group policy update might resolve issues. You can trigger a group policy update on the client machine by running the command: `gpupdate /force`.
**5. Verify User Account Control (UAC) Settings:**
- Check the User Account Control settings on the affected computers. Make sure UAC is not set to the highest level, as it might prevent normal elevation prompts.
**6. Test with Another Account:**
- Test the installation and administrative tasks with another account that has administrative privileges. This will help identify if the issue is specific to the account or a system-wide problem.
**7. Check for Event Logs:**
- Review the Event Viewer logs on both the client machines and the domain controllers. Look for any errors or warnings related to group policy, security, or application installation.
**8. Verify Domain Trust:**
- Ensure that the client machine has proper connectivity to the domain controllers and there are no trust relationship issues.
**9. Local Security Policies:**
- In some cases, local security policies might affect administrative tasks. Review the local security policies on the client machine.
**10. Rollback Changes:**
- If you suspect that the recent changes caused the issue, consider rolling back those changes (if possible) and see if the previous functionality is restored.
**11. Consider GPO Changes:**
- If the issue persists, you might need to revisit the group policy settings, especially those related to restricted groups, and ensure that they are correctly configured.
Remember that making changes to group policies and security settings can have far-reaching effects, so it's important to approach troubleshooting with caution.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
If the reply was helpful, please don’t forget to upvote or accept as answer.
Best regards.