Quantcast
Channel: Directory Services forum
Viewing all articles
Browse latest Browse all 31638

Limiting use of BUILTIN\Administrator account

$
0
0

I am looking to limit the use of our domain admin default administrator account.  I understand that the best practice is to create individual accounts and delegate necessary authorization to these accounts - this will provide for the most accountability if something goes wrong - provides a better audit trail.

I currently have my own personal admin account, and I have it delegated so that it makes me a local admin on all machines in the domain - however there are still times that I don't have authorization to do things that my domain administrator account can. 

My own admin account is a member of a group called AD Admin, which is a member of the Domain Admins group.  Shouldn't this make my user a domain admin?

Have you dealt with this?  If so, how did you handle it?

Thanks, 

sb



Viewing all articles
Browse latest Browse all 31638

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>