Security Cadence: Limit your usage of the Domain Administrator group

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

Post Body

Due to the power of the DA group it is not always recommend to give DA to random users.

BUILTIN\Administrators is the group you want to put them in.

It goes back to the good and effective security by obscurity, the user thinks: "Hey, I have global administrator rights, I will go mad with power and abuse it." Whereas using the BUILTIN\Administrators they think: "Ah, the sysadmin gave me only the built in administrator on the local machine, I will go slightly less mad with power and abuse it less"

As always, I hope you find some nuggets of assistance in this post. And remember, never ever let good enough get in the way of being perfect.

Author

Account Strength

100%

Account Age

9 years

Verified Email

Yes

Verified Flair

Total Karma

8,154

Link Karma

4,529

Comment Karma

3,159

Profile updated: 2 days ago

Posts updated: 8 months ago

sememva

ShittyMod

Subreddit

r/ShittySysadmin

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.

Posted: 2 years ago
Reddit URL: View post on reddit.com
External URL: reddit.com/r/ShittySysad...