Builtin Administrators Domain Group

5 pts.
Tags:
Microsoft Windows
I have a collegue that has requested we remove the Enterprise Admins and Domain Admins from the BuiltinAdministrators group. Has anyone heard or seen this done? I am under the impression that Domain Admins and Ent. Admins get their permissions to perform tasks on a Domain Controller from that group. Any help is appreciated - thanks in advance...
ASKED: January 23, 2007  3:56 PM
UPDATED: January 24, 2007  11:32 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

I am assuming you are talking about removing the Global Domain and Enterprise Admins from the Local Builtin Administrators Group on a workstation. You can do this. However, there are a lot wider system management and security concerns once this happens.

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • MemphisJim
    Not the workstation. He requested to Remove the Domain Admins and the Enterprise admins from the BuiltinAdministrators group on a Domain Controller in the Builtin OU. Thanks in advance
    5 pointsBadges:
    report
  • Swiftd
    It sounds like a foolish move and might not work. Most of the built in groups cannot be deleted or modified in such a way that you would end up breaking the system. I've been through tons of security papers on securing Windows and have never seen such a request in anything from NSA, CIS, or Microsoft in order to secure a Windows system. Don
    0 pointsBadges:
    report
  • Platypus
    There must be a purpose for such a 'strange' request, and whatever it is needs to find a different solution. Even if you could find a way to remove these groups from AD, I would feel confident that you would break a great many things. I suggest you get more information and see what the problem is that your 'colleague' is really trying to solve.
    20 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following