Local Group not saving changes on Windows Server 2012 R2

I have a virtual server running Windows Server 2012 R2 inside my domain which is driving me absolutely crazy. Everytime I add a domain group to the local group "Administrators" it works for a while, but after 2 or 3 days it just vanishes from the server.

For easy management and access control, we create two Global Security Group in AD for each server, so for this one we have "[APPLICATION] Users Admin" and "[APPLICATION] Servers".

The first group is applied to the "Administrators" local group, and every domain user we need to give admin permissions are added to it. The second one is used to add every server that runs that application (in case we have more than 1), making it easy to our GPOs.

I'm starting to think that one of the admins is removing the group so he can ask us to remove the server from the domain, but I can't find a way to prove it.

Any ideas?


Category: active directory Time: 2016-07-29

