I’m pulling my hair out on this, and I don’t understand what I’m missing.
I have an admin Name Bob. I have added Bob to a global security group named “LocalAdmins”.
We go to PC (Harry’s) that is joined to the domain, add the “LocalAdmins” group to the Administrators group under Local users and groups, and reboot.
Bob tries to install some software on Harry’s PC, it asks for credentials, as Harry does not have admin rights, and Bob enters his credentials. It does not work. (also tried right-click, run as admin, same result)
I remove the LocalAdmins group from Local Admins, and add Bob directly.
Reboot. Bob can install software on Harry’s PC.
I’ve checked that the domain shows Bob as being a part of the “LocalAdmins” AD group with:
NET USER bob /domain
I’ve made sure LocalAdmins shows up when I run “net localgroup Administrators”.
It doesn’t make any sense. Is there something I’m missing?
I’m not using a GPO or anything like that for this, just doing it manually.
Domain level is Win 2003, (thought we are running all win 2012 DC’s)