Looking for some opinions here. When a server is joined to the domain, the domain users group is automatically added to the local users group on that server. Has anyone noticed anything harmful or anything to watch for in removing this?
We disabled log on locally a while ago, but that wasn't the issue we encountered. This gave all users the ability to create folders and files and have read access on all the shares by default unless this was implicitly removed. We had a user get infected with a ransomware virus and it was able to browse, server by server, every share on every server and try to encrypt these files (shares were not mapped). We found it was able to read the files and create an encrypted version but not able to delete the old copy, so we didn't lose any data. This did, however, imply to me that this default action on a server is a security risk.
Should domain users be removed from the local users group on servers?
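An audit for the situation described in the question, added here as an example and not part of the original post: it reports whether Domain Users is nested in a server's local Users group and which share-level and NTFS permissions on that server are granted to principals every domain user belongs to. It assumes an elevated session on the server and the built-in LocalAccounts and SmbShare modules; the function and variable names are made up for this example.

```powershell
# Added example (not from the original post). Run elevated on the server being audited.
# Uses the built-in LocalAccounts and SmbShare modules.

function ConvertTo-AccountName([string]$Sid) {
    # Resolve a SID to the account name form that share and NTFS ACLs display
    ([System.Security.Principal.SecurityIdentifier]$Sid).Translate(
        [System.Security.Principal.NTAccount]).Value
}

# Local Users group is S-1-5-32-545. Domain Users is always RID 513 in its domain.
$domainUsers = Get-LocalGroupMember -SID 'S-1-5-32-545' |
    Where-Object { $_.SID.Value -match '^S-1-5-21-.+-513$' }

# Principals that include every domain user: BUILTIN\Users, Authenticated Users, Everyone
$broad = @('S-1-5-32-545', 'S-1-5-11', 'S-1-1-0' | ForEach-Object { ConvertTo-AccountName $_ })
if ($domainUsers) { $broad += $domainUsers.Name }

# Non-administrative shares that are backed by a folder
$shares = Get-SmbShare -Special $false | Where-Object Path

$findings = foreach ($share in $shares) {
    # Layer 1: share-level permissions
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -in $broad } |
        ForEach-Object {
            [pscustomobject]@{ Share = $share.Name; Layer = 'Share'; Principal = $_.AccountName
                               Rights = $_.AccessRight; Inherited = $null }
        }
    # Layer 2: NTFS permissions on the shared folder itself
    (Get-Acl -LiteralPath $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -in $broad } |
        ForEach-Object {
            [pscustomobject]@{ Share = $share.Name; Layer = 'NTFS'; Principal = $_.IdentityReference.Value
                               Rights = $_.FileSystemRights; Inherited = $_.IsInherited }
        }
}

if ($domainUsers) {
    "Domain Users is nested in local Users: $($domainUsers.Name)"
} else {
    'Domain Users is not a member of local Users'
}
$findings | Format-Table -AutoSize
```

Rows at both the Share and NTFS layers for the same share mean any domain user can reach that share over the network, mapped or not. NTFS rows listing BUILTIN\Users are the grants that stop covering ordinary domain accounts once Domain Users is removed from the local group.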