Admins disappear from in HyperV Guest when Guest is joined to domain.

maelstrom3530maelstrom3530 Member Posts: 40 ■■□□□□□□□□
Single domain, one DC, one member server with HyperV role holding one Guest OS. Add some local accounts to local
Administrator group on Guest, now have two custom local admins on Guest. Guest joins domain, *poof!*, no one in
the Local Administrators Group on Guest, not even the Domain Admins group. For science I added Domain Admins to
Domain.com\HyperV_Admins (Built-in). Didn't help, still no one in local Admins Group on Guest. Guest literally has no Administrators now. Tried to GPO\Restrcited Groups to add Domain Admins and Domain\SomeUser as Administrator, but still no Local Admins on Guest. (Yes, linked GPO to the OU containing Guest computer account). Only fix is to utlilman hack and add LocalAdmin to Administrators group. But that doesn't survive a reboot. SOMETHING is pulling accounts out of the Local Administrators Group on the Guest when it is joined to the domain.
At this point I'm out of ideas. Seems like it should be simple. Has anyone else come across this?

Thanks
2015 Goals: [X] ICND2 [X]70-680 [X]70-685 [X]70-640
2016 Goals: [X]70-410 [X]70-411
2017 Goals: [X]70-412
2018 Goals: [_]70-697 [_]70-698

Comments

  • Mike7Mike7 Member Posts: 1,112 ■■■■□□□□□□
    Probably Group Policy.
    Were you trying out Restricted Groups?
  • maelstrom3530maelstrom3530 Member Posts: 40 ■■□□□□□□□□
    No other policies are being applied to the VM Guest. I placed the Domain Admins group and User01 into Restricted Groups:

    Computer Config\Windows Settings\Security Settings\Restricted Groups
    2015 Goals: [X] ICND2 [X]70-680 [X]70-685 [X]70-640
    2016 Goals: [X]70-410 [X]70-411
    2017 Goals: [X]70-412
    2018 Goals: [_]70-697 [_]70-698
  • Mike7Mike7 Member Posts: 1,112 ■■■■□□□□□□
    Maybe disable the group policy?
  • maelstrom3530maelstrom3530 Member Posts: 40 ■■□□□□□□□□
    The problem exists with or without the Group Policy Object.
    2015 Goals: [X] ICND2 [X]70-680 [X]70-685 [X]70-640
    2016 Goals: [X]70-410 [X]70-411
    2017 Goals: [X]70-412
    2018 Goals: [_]70-697 [_]70-698
  • BornToBeMildBornToBeMild Member Posts: 69 ■■□□□□□□□□
    It does sound like a Group Policy issue. Try running gpresult on the client from an elevated prompt. /V or /Z options should tell you which settings are being applied.

    Also, if your client is Windows 10 make sure you're using the Windows 10 ADMX templates.
  • maelstrom3530maelstrom3530 Member Posts: 40 ■■□□□□□□□□
    Well, nevermind. It's working today! icon_cool.gif
    I removed the users/groups from the Restricted Groups section, then added them back, gpupdated and boom, back in business.
    2015 Goals: [X] ICND2 [X]70-680 [X]70-685 [X]70-640
    2016 Goals: [X]70-410 [X]70-411
    2017 Goals: [X]70-412
    2018 Goals: [_]70-697 [_]70-698
Sign In or Register to comment.