Problem: large enterprise with multiple groups responsible for managing different applications, how to ensure proper access to local Administrators groups on the application servers?
Possible Solution: all applications are group per OU type and use a GPO with a defined set of groups to have access to a particular application.
Was also contemplating removing the Domain Admins group out of the local Administrators groups on servers ?
Anyone else have any good ideas or have done something similar ?
Thank You ! And have a nice day !
