Harrris
asked on
Active Directory Read Access on Groups and Default Permissions
It seems that all AD authenticated users by default are able to list the members of all groups, including Domain Admins and Enterprise Admins groups. Is there a reason for this?
If I disable the read access from some of the groups, i.e. so that users will not be able to find out the Domain Administrators accounts, this will cause any problems?
Also, are there any other default read permissions that it's suggested to be disabled, for security purposes?
Thanks,
If I disable the read access from some of the groups, i.e. so that users will not be able to find out the Domain Administrators accounts, this will cause any problems?
Also, are there any other default read permissions that it's suggested to be disabled, for security purposes?
Thanks,
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Security by obscurity is not a realistic and what the OP wants will break more things without adding any security
So I'll ask you to draw a scenario where making the group members unlistable for domain members would help.