I recently used domain group policy to add specific users to a local security group (local admin)
At first everything appeared fine but then I started to notice that I could no longer remote into machines or check eventvwr as the domain administrator. I could do these things with the user added to the local admin security group via domain group policy. It appears that using GPO to add a specific domain user as a local admin on a workstation over-rode the credentials of a domain administrator. How can this be? Does domain not have priority? I'm sure I can add all domain admins to this group policy but that doesn't seem right.
The policy I edited was: Computer Configuration > Policies > Windows Settings > Security Settings >Restricted Groups
This is in a server 2008 R2 / Win 7 environment (XP machines are out there too)