Admins disappear from in HyperV Guest when Guest is joined to domain.

Single domain, one DC, one member server with HyperV role holding one Guest OS. Add some local accounts to local
Administrator group on Guest, now have two custom local admins on Guest. Guest joins domain, *poof!*, no one in
the Local Administrators Group on Guest, not even the Domain Admins group. For science I added Domain Admins to
Domain.com\HyperV_Admins (Built-in). Didn't help, still no one in local Admins Group on Guest. Guest literally has no Administrators now. Tried to GPO\Restrcited Groups to add Domain Admins and Domain\SomeUser as Administrator, but still no Local Admins on Guest. (Yes, linked GPO to the OU containing Guest computer account). Only fix is to utlilman hack and add LocalAdmin to Administrators group. But that doesn't survive a reboot. SOMETHING is pulling accounts out of the Local Administrators Group on the Guest when it is joined to the domain.
At this point I'm out of ideas. Seems like it should be simple. Has anyone else come across this?

Thanks

Find more posts tagged with

Comments

Mike7

Probably Group Policy.
Were you trying out Restricted Groups?

maelstrom3530

No other policies are being applied to the VM Guest. I placed the Domain Admins group and User01 into Restricted Groups:

Computer Config\Windows Settings\Security Settings\Restricted Groups

Mike7

Maybe disable the group policy?

maelstrom3530

The problem exists with or without the Group Policy Object.

BornToBeMild

It does sound like a Group Policy issue. Try running gpresult on the client from an elevated prompt. /V or /Z options should tell you which settings are being applied.

Also, if your client is Windows 10 make sure you're using the Windows 10 ADMX templates.

maelstrom3530

Well, nevermind. It's working today!

I removed the users/groups from the Restricted Groups section, then added them back, gpupdated and boom, back in business.