Active Directory Read Access on Groups and Default Permissions
Posted on 2016-10-16
It seems that all AD authenticated users by default are able to list the members of all groups, including Domain Admins and Enterprise Admins groups. Is there a reason for this?
If I disable the read access from some of the groups, i.e. so that users will not be able to find out the Domain Administrators accounts, this will cause any problems?
Also, are there any other default read permissions that it's suggested to be disabled, for security purposes?