All, Anyone seen this before ? We are in a multi-lingual environment: · DC's/AD in French · Some member servers in English è In Restricted Groups we added "Administrateur" (in French) as one of the members of the local administrators group o "Administrateur" shows as "Administrateur" in the GptTmpl.inf file (not it's SID but the name written in French) è If this GPO is applied to the English version (member) servers, the local administrators group contains these members: o "Local server\Administrator" o "Domain\Administrateur" o Etc. (all other groups specified in the Restricted Groups policy) How does this work? The CSE responsible for that, does it do this : * query "Administrateur" - error * cannot find it locally, finds it in the domain and adds "Domain\Administrateur" If that is true, this would explain how "Domain\Administrateur" got into the local administrators group, but how did the "Local\Adminstrator" account get added? (as the GPO has been configured with /and the .inf file contains "administrateur", not "administrator") Even though it's of course perfectly alright to have the "Local\Administrator" account in the Local Administrators group, I still would have liked to understand why this happened, and also whether there is a way to keep the "Domain\Administrateur" account out of it. Thanks in advance for your help, Hendrikus