our GPO infrastructure has grown over the years and each admin has done its own type of work.
now i have to cleanup all those delegation settings.
what are the default settings and which ones are recommended for having high security?
i know,whenever I create a new GPO the following Active Directory system groups are granted access:
- Authenticated Users
- Domain Admins
- Enterprise Admins
- ENTERPRISE DOMAIN CONTROLLERS
by default.can or should i remove any of these and which ones would make sense to ad?