Domain Admin does not have admin privileges on domain Win10 workstation:
DC/AD: Windows Server 2016
Workstation: Windows 10 Enterprise 2OH2 19042.1110
As a member of the "Domain Admins" and "Administrators" groups, a user "sean" is denied elevated privileges on a Windows 10 machine, and it is continually prompted for elevated admin rights. This issue began after this new domain admin user was created and logged on to this machine for the first time.
CMD "whoami /groups" does not show inherited domain admin groups, however, CMD "net user sean /domain | find 'group'" does show user "sean" as a member of the "Administrators" and "Domain Admin" groups.
- If the same user "Sean" logs onto another Windows machine, the user has elevated permissions.
- Other domain admins do not experience this issue on this workstation.