Query on local administrator group in windows 10

Nishith Konchady 1 Reputation point
2021-12-03T03:17:23.657+00:00

An EU was created locally in a Windows 10 PC pro with local admin rights by their Old IT department. A command net localgroup Administrators workgroup\EU_username /delete was run remotely by us to remove his admin privileges using remote monitoring tool connectwise His profile worked fine for 6 days after which we see he has lost access to login.(The profile was not showing for him to login). We logged in with IT local admin account, went to lusrmgr.msc, looked for his profile, added him to a member of local users group, and managed to sign him in. My question is:When we run net localgroup Administrators workgroup\EU_username /delete, does it not add him back to the local user group of the PC? *Since it was working for 6 days and he lost access suddenly, what could be causing the issue? We even looked for event logs for the cause of it, even logs didn't mention anything about the deletion or any registry profile corruption. Many apologies for i didn't find answers on the internet and raising this as a case.

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,690 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,156 Reputation points
    2021-12-03T19:20:13.81+00:00

    Hello @Nishith Konchady

    The Users group membership was probably intentionally removed at creation (when adding to Administrators doesn't remove other memberships, same as deleting Administrators membership doesn't add the Users membership.

    Often IT operators will delete other memberships rather than Administrator, to avoid restrictions caused by "winning" policies or settings.

    Hope this helps with your query,

    ------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments