...
Group Membership Enforcement
...
Group Membership Enforcement is a control for:
- Policy compliance
- Regulatory compliance
Group Membership Enforcement is a security control to prevent controls for policy and regulatory compliance, and prevents insider and external abuse.
It is a security "Best Practice" to eliminate unnecessary _privileged _best practice to eliminate unnecessary privileged accounts. Although you can apply Group Membership Enforcement can be applied to any group, however 98% of the time it is mostly applied to the Administrators Group. Group Membership Enforcement ensures membership to the Administrators Group is enforced at all times.
Before enforcing groups and users, you must first must run the Local User Inventory Policy. Running the policy discovers to discover the resources that you can work with. 
The following documents guide you through creating provisioned users and groups, and adding them to policies and tasks:
| Child pages (Children Display) |
|---|