GPO – Restricted Groups applying, but don’t actually add the group

active-directory, group-policy, organizational-unit, windows-server-2003

The following scenario is weird. Please be advised.

I have created a GPO on an OU containing workstations like this:


This GPO's purpose is to make the Backup Operators group a member of the local Administrators group on all the workstations inside the OU.


Here is the content of this GPO:


Then when I check if the GPO is applied using gpresult on a workstation inside the Organisational Unit (OU) on which the GPO is applied, I can see that it is correctly applied on that workstation:


But when I go check in the local group on the workstation, in the local Administrators group, I should see the Backup Operators group inside it, but no:


Even after a gpupdate /force followed by a reboot, I end up with the same result.

Have I done something wrong?

EDIT:

This is what I get in the Event Viewer after I do a gpupdate /force:

Security policies were propagated with warning. 0x4b8 : An extended 
error has occurred.

For best results in resolving this event, log on with a 
non-administrative account and search http://support.microsoft.com 
for "Troubleshooting Event 1202's".

Best Answer

Heh, you're going to slap yourself!

"Backup Operators" is a built-in Domain Local security group.

As per my aging MCSE, a domain local security group cannot be a member of another group.

It is a so-called "endpoint" group and can only apply to DACLs and the like.