Might check;
whoami /groups
also check the user's UAC settings
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi guys good morning,
I created a second domain administrator user on my Windows Server 2019 Standard and I am having issues that the user loses its administrative privileges after a few hours by itself.
Nothing is done, the server is not restarted but that adminstrator just becomes a regular user by itself so I can no longer go in as administrator.
The main administrator always works and does not have any issues but any administrator we create loses its permissions after a few hours and we have to reapply them to have it lose it again after some time.
What could be happening? there is no policy nor anything to disable the administrator after some time etc.
What could be causing this? Its really annoying.
UPDATE:
There is a Windows audit log number 4733 that is saying that the user was removed from Local Admin group. Why? I can't see the reason there but the log is showing Windows is removing the user from the group by itself.
Thanks,
Teo
Might check;
whoami /groups
also check the user's UAC settings
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
Hi,
Do you mean you create a common user and add the user to the administrator group then the user will be removed from the group?
Or you delegated the administrative permission to the users, then the permission will be lost?
For the first situation, it is suggested to check if there are restricted group policy for the administrator group?
You can check policies by run command: gpresult /h c:\report.html.
Best Regards,
Just checking if there's any progress or updates?
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
Looking at logs I am seeing that the user account keeps getting removed from local security policy by iteself.
Log with ID 4733.
Dont know why the server is removing that accoun permissions but I see it now in the logs.
Something here may help.
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4733
The subject should tell you who has made the request.
--please don't forget to upvote
and Accept as answer
if the reply is helpful--