1,923 questions
Might check;
whoami /groups
also check the user's UAC settings
--please don't forget to upvote and Accept as answer if the reply is helpful--
Windows 2019 Standard new administrator losing roles
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 57.99999999999999%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETH%3C/text%3E%3C/svg%3E)
Teofilo Homsany
26
Reputation points
Hi guys good morning,
I created a second domain administrator user on my Windows Server 2019 Standard and I am having issues that the user loses its administrative privileges after a few hours by itself.
Nothing is done, the server is not restarted but that adminstrator just becomes a regular user by itself so I can no longer go in as administrator.
The main administrator always works and does not have any issues but any administrator we create loses its permissions after a few hours and we have to reapply them to have it lose it again after some time.
What could be happening? there is no policy nor anything to disable the administrator after some time etc.
What could be causing this? Its really annoying.
UPDATE:
There is a Windows audit log number 4733 that is saying that the user was removed from Local Admin group. Why? I can't see the reason there but the log is showing Windows is removing the user from the group by itself.
Thanks,
Teo
Windows for business | Windows Server | Devices and deployment | Configure application groups
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2021-06-30T06:25:48.263+00:00 Hi,
I am checking to see if the problem has been resolved.
If there's anything you'd like to know, don't hesitate to ask.
Best Regards,
Sign in to comment
5 answers
Sort by: Most helpful
-
Anonymous
2021-06-26T12:39:24.62+00:00 -
Anonymous
2021-06-28T01:53:15.733+00:00 Hi,
Do you mean you create a common user and add the user to the administrator group then the user will be removed from the group?
Or you delegated the administrative permission to the users, then the permission will be lost?
For the first situation, it is suggested to check if there are restricted group policy for the administrator group?
You can check policies by run command: gpresult /h c:\report.html.Best Regards,
-
Teofilo Homsany 26 Reputation points
2021-07-01T13:39:03.963+00:00 We create a new user, set him as member of Domain admins group, Local admin groups and after a few hours, the permissions are revoked by itself.
No group policy.
I did have a user in the restricted group as an admin but removed the user completely and refreshed the group policy but still the issue persist.
No matter which user I create as another admin, after a few hours the user loses permission as Administrator by itself.
Never seen this issue before. Don't know what to do. -
Anonymous
2021-07-02T06:02:20.957+00:00 Hi,
To narrow down the issue, please confirm the following information:
If possible, would you please share a screenshot of the event 4733?
Just to confirm if there are other unexpected policies, run the command: gpresult /h report.html
Confirm if there are any schedule task or scripts are running.Best Regards,
Sign in to comment -
-
Anonymous
2021-06-30T11:12:59.793+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful---
Teofilo Homsany 26 Reputation points
2021-07-01T13:40:02.797+00:00 Nothing so far, keep creating an admin user and it loses its permissions by itself and is no longer admin nor can connect through RDP to the server.
I have to reapply the permissions as member of the admin group for it to connect again but then again it gets removed from the group by itself.
Sign in to comment -
-
Teofilo Homsany 26 Reputation points
2021-07-01T14:11:45.68+00:00 Looking at logs I am seeing that the user account keeps getting removed from local security policy by iteself.
Log with ID 4733.
Dont know why the server is removing that accoun permissions but I see it now in the logs. -
Anonymous
2021-07-01T15:52:59.677+00:00 Something here may help.
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4733
The subject should tell you who has made the request.--please don't forget to
upvoteandAccept as answerif the reply is helpful--