Jump to content


ulf.lundh

Stop admins from using domain admin accounts to login to their clients

Recommended Posts

Im having some problems reaching my fellow Admins at work. They use their Domain admin accounts as their day-to-day accounts when then login to their win7 / win10 computers. They use the same accounts to login to the servers and i already have had some problems with apps getting deployed to servers (since they are also members of app-groups). I know how to limit the logon locally GPO, but what else can i do to make them stop doing this? I need some help convincing them since im not getting through. Any good article out there ?

  • Like 1

Share this post


Link to post
Share on other sites


The book, Mastering System Center 2012 R2 Configuration Manager,

on page 776 under chapter 17 - Role - Based Administration:

 

http://www.amazon.com/Mastering-System-Center-Configuration-Manager/dp/111882170X

 

Quote:
"

Full administrator? Oh My!

 

(...) Users (or groups) who are assigned to this security role hold all the keys to all of the castles in the ConfigMgr 2012 environment. As a result, the number of users or groups who have this security role should be very limited. Because of the power that this role holds, the fewer the administrative users who have this role the better! Also, the organization should periodically review the access requirements for administrative users who hold this role and determine if they can be provided with a less-powerful security role. (...)

"


Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...