Active Directory Explained - Fine Tuning Controls for Privileged Accounts
image credit: Iperius
Highly privileged accounts (Domain Admins, Administrators, Enterprise Admins, etc.) are the ultimate goal for every threat actor or hacker out there. These accounts are sought after because they have unrestricted access and are used to perform administrative tasks within an Active Directory (AD) environment.
By default, Microsoft makes the Domain Admins group a member of the local administrator group on all domain-joined servers and workstations. While this default configuration offers significant administrative convenience (i.e, troubleshooting & support, centralized control, etc), it also poses security risks to both domain and local environments.
Additionally, it increases the attack surface for compromising the domain if any of these highly privileged accounts access a workstation through local logon, remote logon or run as, because the credentials for these accounts will be stored on the workstation.