As part of our new security requirements, I have created a new security – global group called Service Accounts in the Accounts – Service OU.
Whenever a service account (User account to run as domainuser for service) is created in this OU, that service account should be added to the Service Accounts security group – global.
Being in this group will deny the log on locally and log on via terminal services rights based on the settings within the new Secured GPO – Default group policy.
There are new groups required for every domain server as follows:
• Domain.com/SecureOU/Groups – Server Admins/Local Administrator on SERVERNAME
Ongoing, the domain groups also need to be placed into the local groups on every server as follows:
• Local Administrator on SERVERNAME should, as the name suggests, be put in the Local Administrators group on the SERVERNAME. I’m still exploring a way to apply this via group policy.
• Remote Desktop access is required for the group Local Administrator on SERVERNAME to the server SERVERNAME. Infra are exploring a way to apply this via group policy; for now it's manual, same as the above.
Can anyone help me in automating the above process, please?
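
One way to script the steps described in the post above, as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory module on the admin workstation, PowerShell remoting and PowerShell 5.1 (LocalAccounts cmdlets) on every server; the distinguished names are placeholders derived from the display names in the post, and the `Service Accounts` lookup assumes the group's sAMAccountName matches its name.

```powershell
#Requires -Modules ActiveDirectory
# Placeholder DNs (assumptions): the post only gives display paths, so replace with the real ones.
$ServiceOU = 'OU=Accounts - Service,DC=domain,DC=com'
$GroupsOU  = 'OU=Groups - Server Admins,OU=SecureOU,DC=domain,DC=com'
$NetBIOS   = (Get-ADDomain).NetBIOSName

# 1. Every user in the service-account OU must be a member of "Service Accounts",
#    so the deny-logon settings in the Secured GPO apply to it.
$svcGroup = Get-ADGroup -Identity 'Service Accounts'
$current  = Get-ADGroupMember -Identity $svcGroup | Select-Object -ExpandProperty DistinguishedName
$missing  = Get-ADUser -SearchBase $ServiceOU -SearchScope Subtree -Filter * |
            Where-Object { $_.DistinguishedName -notin $current }
if ($missing) {
    Add-ADGroupMember -Identity $svcGroup -Members $missing
    $missing | ForEach-Object { Write-Output "Added $($_.SamAccountName) to Service Accounts" }
}

# 2. One "Local Administrator on SERVERNAME" domain group per server, then
# 3. that group goes into the server's local Administrators and Remote Desktop Users groups.
foreach ($server in Get-ADComputer -Filter 'OperatingSystem -like "*Server*"') {
    $groupName = "Local Administrator on $($server.Name)"
    if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
        New-ADGroup -Name $groupName -SamAccountName $groupName `
                    -GroupScope Global -GroupCategory Security -Path $GroupsOU
        Write-Output "Created group '$groupName'"
    }

    try {
        Invoke-Command -ComputerName $server.DNSHostName -ErrorAction Stop `
                       -ArgumentList "$NetBIOS\$groupName" -ScriptBlock {
            param($member)
            foreach ($local in 'Administrators', 'Remote Desktop Users') {
                # Idempotent: only add when the domain group is not already a member.
                $present = Get-LocalGroupMember -Group $local -Member $member -ErrorAction SilentlyContinue
                if (-not $present) {
                    Add-LocalGroupMember -Group $local -Member $member -ErrorAction Stop
                    Write-Output "$env:COMPUTERNAME: added '$member' to local group '$local'"
                }
            }
        }
    }
    catch {
        # Unreachable server, or the new group has not replicated to the DC that server uses yet.
        Write-Warning "$($server.Name): $($_.Exception.Message)"
    }
}
```

Because every step checks before it changes anything, the script can be run on a schedule to pick up new service accounts and new servers; any warning it logs is retried on the next run.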