Securing Access at the Active Directory Level
Here are some ways to protect groups and user accounts with privileged access to ConfigMgr:
• Restrict rights to manage administrative accounts and groups to a small group of senior administrators. You should remove any delegated rights to groups such as helpdesk personnel. Consider moving administrative accounts and groups to specific organizational units (OUs) to simplify security management.
• Set auditing to record any changes to these user accounts and groups. Auditing policies are defined in the Default Domain Controllers group policy under Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policy -> Audit Policy. Events specified through the audit policy are ...
Get System Center 2012 Configuration Manager Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
