Monthly Archives: October 2011

Assigning admin privileges on Domain Controllers

Active Directory (AD) is the core of a Windows Server network and consists of a database that stores usernames and passwords, plus several technologies that work together to provide security and management services to clients and servers. Domain controllers (DCs) are servers that host a copy of the AD database and run related services.

Continue Reading


What is the Right Amount of GPOs?

This is a question I get all the time, so I thought I’d take a moment and share some thoughts on this question.

Before we get to “What is the right amount of GPOs”, let’s start off with “Can I have too many GPOs?”

One of the problems with Group Policy, in general, is that there isn’t much “organization” inside the Group Policy Objects node within the GPMC. Simply, you get a flat list of GPO names – listed alphabetically. This isn’t ideal if you have, say, thousands of Group Policy Objects and are looking for one, in particular, needle in a haystack.

Continue Reading


Who Has Admin Rights?

Before implementing a least privilege desktop policy it is generally good practice to know who you are likely to affect. This is not an easy task if you do not already manage or track which users have previously been given local admin rights on their devices.

Continue Reading