[Samba] AD User with Domain Admin
robert at marcanoonline.com
Fri Dec 4 12:23:55 UTC 2020
On 12/4/20 4:22 AM, Marco Gaiarin via samba wrote:
> Mandi! Robert Marcano via samba
> In chel di` si favelave...
>> As it should be, the Windows concept of being a domain administrator
>> granting you administrator on all machines is by default bad. That is why so
>> many AD security recommendations tell Windows administrators to have a
>> normal user for daily usage and switch to the domain administrator only when
>> needed, a cheaper version of sudo.
> Right. But on this i've found so many 'unofficial' siteas and paper,
> but no one 'official' Microsoft (or by some regulatory entity like
> CERT) document on this.
> You or someone here have some pointer? Thanks.
L.P.H. van Belle added a link to another more concise page, but I
usually point customers to  when they start asking to be Domain
Admins all the time. It is a longer read that includes more than the
reduction or protection of accounts inside the Domain Admins group.
More information about the samba