Windows 2019 Standard new administrator losing roles

Teofilo Homsany 26 Reputation points
2021-06-26T12:20:44.907+00:00

Hi guys good morning,
I created a second domain administrator user on my Windows Server 2019 Standard and I am having issues that the user loses its administrative privileges after a few hours by itself.
Nothing is done, the server is not restarted but that adminstrator just becomes a regular user by itself so I can no longer go in as administrator.
The main administrator always works and does not have any issues but any administrator we create loses its permissions after a few hours and we have to reapply them to have it lose it again after some time.
What could be happening? there is no policy nor anything to disable the administrator after some time etc.
What could be causing this? Its really annoying.

UPDATE:
There is a Windows audit log number 4733 that is saying that the user was removed from Local Admin group. Why? I can't see the reason there but the log is showing Windows is removing the user from the group by itself.

Thanks,
Teo

Windows for business | Windows Server | Devices and deployment | Configure application groups
{count} votes

5 answers

Sort by: Most helpful
  1. Anonymous
    2021-06-26T12:39:24.62+00:00

    Might check;
    whoami /groups
    also check the user's UAC settings

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments No comments

  2. Anonymous
    2021-06-28T01:53:15.733+00:00

    Hi,
    Do you mean you create a common user and add the user to the administrator group then the user will be removed from the group?
    Or you delegated the administrative permission to the users, then the permission will be lost?
    For the first situation, it is suggested to check if there are restricted group policy for the administrator group?
    You can check policies by run command: gpresult /h c:\report.html.

    Best Regards,


  3. Anonymous
    2021-06-30T11:12:59.793+00:00

    Just checking if there's any progress or updates?

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  4. Teofilo Homsany 26 Reputation points
    2021-07-01T14:11:45.68+00:00

    Looking at logs I am seeing that the user account keeps getting removed from local security policy by iteself.
    Log with ID 4733.
    Dont know why the server is removing that accoun permissions but I see it now in the logs.

    0 comments No comments

  5. Anonymous
    2021-07-01T15:52:59.677+00:00

    Something here may help.
    https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4733
    The subject should tell you who has made the request.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.