Our client is currently a Tier 1 PCI company and our auditor made a suggestion in regards to us as System Administrators / access rights. Right now, our entire Windows infrastructure is about 700 desktops and 80 servers, along with 10 domain controllers. Now, they're saying we should move to a system with three separate accounts, like this:
DOMAIN.CO.UKUserSRV (DC servers)
DOMAIN.CO.UKUserDC (Domain controllers)
Does this sound like a good idea to everyone? Thanks!