Hi,
I have a strange issue trying to deploy local admin users on Windows 2008 R2 servers via a preferences GPO. (This GPO only creates a local "Install" account (from Computer Configuration\Preferences\Control Panel Settings > New Local User > Create),
then adds this local user to the Administrators local server group (via Restricted Groups settings).)
This GPO applies correctly in my test environment, but when I deploy it to my production servers, it looks like an old GPO setting gets stuck, as another local user named "admin" appeared.
I first tried to delete the "admin" account and then ran gpupdate /force, but the "admin" returns.
I checked the GPO linked to the Servers OU, checked the Security Groups properties, then ran gpresult /v on the server, and the right GPOs are applied.
Then I enabled GPO preference tracing via the "Configure Local Users and Groups preference logging and tracing" setting; everything is OK.
To rule out a DNS problem, I ran ipconfig /flushdns then arp -d *, but same issue.
Fearing that an old GPO setting got "tattooed", I used the Clean Registry Policy tool from SDM Software to clean my registry, then ran gpupdate /force on one of my servers and jackpot! My GPO settings finally applied... but only for a while! A couple of hours later, when I logged on to this server, the damned "Admin" account had been created and my "Install" account had disappeared... and I can't figure out where my problem is.
Any help will be appreciated...
Many thanks in advance!
I tried the following:
- Tracing GPO preference via "Configure Local Users and Groups preference logging and Tracing"