I have created an AD group called “Local Admins” which I’ve added to the built-in “Administrators” group of my servers through a GPO. I have verified that on the servers, “Local Admins” is now part of the “Administrators” group as intended. I’ve been able to remote into the servers with the sole user that is part of “Local Admins”.
Fast forward a few days later and I created a new AD user, and added it to the “Local Admins” group. I’m unable to remote into the servers with this user. I get the “not authorized for remote login” error message. It only works if I add the new user directly into the “Administrators” group (shouldn’t it work already through my “Local Admins” group?).