Restricted security groups? Now locked out of admin group, account was removed automatically. #78
@dohabandit You also mention the STIG script. Did you mean to open an issue on there? Or are you referring to this repo? Please clarify.
I did a clean install of Windows 11 Pro on my laptop (MSI Stealth 17) as it came with the Home version and extra bloat-related items. The OS was activated, but I was having issues with getting my Office 2019 key to activate. The Office installer kept wanting me to use an online MS account, online account blocked by the STIG script, and there were activation errors in the Windows event logs. I applied the STIG script using the UI installer (.exe). I didn't check all of the SoS options (I think I left BitLocker unchecked). Unfortunately I didn't save the log output in the installer window, but I did notice some errors. I made an image of that OS, and reloaded it using the same process. I can extract any files from that image if you need them. I applied your STIG/hardening script again, this time I allowed all items to be checked. I also saved the output window text to a log file. There are only a few errors listed at the very end which appear to be when gpupdate was run. I believe these were the same errors. The following warnings were encountered during computer policy processing: The following warnings were encountered during user policy processing: Even after reboots, I am seeing these errors in Windows event log:
With regard to those group policy errors, those are expected. It's an issue with applying some configurations that can't be applied locally. We're working on a fix for it. But for now the errors there mean nothing. You can safely ignore those for now. You can Google the configurations for restricting online Microsoft accounts. Besides that, can you clarify what issues you're having specifically?
The only issue was the local admin account that I created was somehow removed from the administrators group. The original administrator account was renamed to X_Admin, disabled, but remained in the admin group as expected. There was an online MS account that was in the group, but that account was also disabled as expected. I have a good understanding of local security policies, domain policies, etc. I have designed and operated AD forests that support more than 150k users. The local admin account was working after the STIG script was applied, and several reboots had occurred post STIG process. It just suddenly dropped out of the local admins group. 100% positive that I didn't accidentally remove it.
There are no configurations in the script that remove users from groups. At most they would remain in the groups but be disabled.
Closing due to no update
I created a new user, added the user to the admin group, made sure this user didn't have a PIN set up for login.
This user worked for weeks on a standalone Windows 11 Pro install with no issues. System was rebooted several times. This isn't an issue with reading the instructions prior to running the STIG script, this is something that occurred automatically long after the system was in operation.
Suddenly this user has been removed from the admins group. As expected, the other accounts in that group are disabled, X_Admin and the original user account that Microsoft created as the user account which is an online account with a PIN, so it's disabled. I created this new admin account prior to running the STIG script.
Any idea why the administrators group would suddenly have the account that I created removed?
This system isn't joined to a domain, it's a standalone install. No chance of another admin pushing a setting or group restriction policy.