troubleshooting Question

domain users in local users group on servers

Avatar of lsysamc
lsysamcFlag for United States of America asked on
Windows Server 2008Windows Server 2012Microsoft Server OS
5 Comments1 Solution97 ViewsLast Modified:
Looking for some opinions here.  When a server is joined to the domain, the domain users group is automatically added to the local users group on that server.  Has anyone noticed anything harmful or anything to watch for in removing this?

We disabled log on locally a while ago but that wasn't the issue we encountered.  This gave all users the ability to create folders and files and have read access on all the shares by default unless this was implicitly removed.  We had a user get infected with a ransom-ware virus and it was able to browse, server by server, every share on every server and try to encrypt these files.  (shares were not mapped)  We found it was able to read the files and create an encrypted version but not able delete the old copy so we didn't lose any data.  This did, however, imply to me that this default action on a server is a security risk.

Should domain users be removed from the local users group on servers?
ASKER CERTIFIED SOLUTION
zalazar

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros