Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Image RemovedGroup Membership Enforcement is a control for:

  • Policy compliance
  • Regulatory compliance

Group Membership Enforcement is a security control to prevent insider and external abuse. It is a security "Best Practice" to eliminate unnecessary privileged accounts. Although Group Membership Enforcement can be applied to any group, however 98% of the time it is applied to the Administrators Group. Group Membership Enforcement ensures membership to the Administrators Group is enforced at all times.

Before enforcing groups and users, you must first must run the Local User Inventory Policy. Running the policy discovers the resources that you can work with. 

Info
titleAlways Include the Built-In Administrator

Always include the Built-In Administrator Account into the Local Administrator Group!