Albert Widjaja
asked on
SCCM deployment security best practice for Domain Admins group ?
People,
Due to PCI requirement, the membership of the builtin domain admins must be secured, but somehow I noticed there are two things related to SCCM 2012 R2 which O do not know how to do.
PRODSCCM01-VM --> The SCCM central server
SCCM-Push --> SCCM client push install service account
How do I remove it from the domain admins membership but still maintain SCCM functionality ?
Due to PCI requirement, the membership of the builtin domain admins must be secured, but somehow I noticed there are two things related to SCCM 2012 R2 which O do not know how to do.
PRODSCCM01-VM --> The SCCM central server
SCCM-Push --> SCCM client push install service account
How do I remove it from the domain admins membership but still maintain SCCM functionality ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No ConfigMgr accounts need domain admin permissions.