Deploying rules
To create the default rules provided by Privilege Manager, use the Create GPO with Default Rules Wizard. To access the wizard from the Getting Started screen, select the Setup Tasks tab and then double-click Create GPO with default rules. Follow the prompts or see the Safeguard Privilege Manager for Windows Administration Guide for more information.
Removing local admin rights
The last step in preparing your environment for least privileged use is to remove administrative access from users who no longer require it.
Using the Active Directory Users and Computers utility
To scrub the Domain Administrators group of users that should no longer have administrative rights to every computer in the domain, use the native Active Directory Users and Computers utility of the supported Windows Server operating systems.
To remove users from the Domain Administrators group:
- Select Domain Admins Properties > Members tab > Remove.
- Click Discover Accounts in local Administrator groups to discover users and domain groups with local administrator rights.
NOTE: By default, the search results include only domain users and domain groups. However, you can optionally include local and built-in users (for informational purposes only).
Using the Users with Local Admin Rights screen
To discover which domain users have been assigned to the local Administrators group on client computers, and then remove them, under the Discovery & Remediation tab of the Console, select the Users with Local Admin Rights screen. For more information, see the Safeguard Privilege Manager for Windows Administration Guide.
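The following PowerShell script is an added example, not part of the Privilege Manager product or its documentation. It can be used to review membership before the removals described in both sections above: it lists the members of Domain Admins and of each client's local Administrators group, showing only domain users and groups by default, as in the NOTE. It assumes the ActiveDirectory module (RSAT) and PowerShell remoting are available; the computer names are placeholders.

```powershell
# Added example: review admin membership before removing rights.
# Assumptions: ActiveDirectory module installed, PowerShell remoting enabled
# on the clients, and the account running this may query them.
Import-Module ActiveDirectory

$Computers    = @('CLIENT01', 'CLIENT02')   # placeholder computer names
$IncludeLocal = $false                      # $true also lists local and built-in accounts

# 1. Domain Admins, expanded through nested groups.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, Name, objectClass |
    Format-Table -AutoSize

# 2. Local Administrators on each client.
$found = Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue `
                        -ErrorVariable unreachable -ScriptBlock {
    # Use the well-known SID so renamed or localized group names still resolve.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Name        = $_.Name
            ObjectClass = $_.ObjectClass
            # Convert before the object is serialized back to the caller.
            Source      = $_.PrincipalSource.ToString()
            SID         = $_.SID.Value
        }
    }
}

# Keep domain users and groups only, unless local accounts were requested.
$report = $found |
    Where-Object { $IncludeLocal -or $_.Source -eq 'ActiveDirectory' } |
    Sort-Object Computer, Name |
    Select-Object Computer, Name, ObjectClass, Source, SID

$report | Format-Table -AutoSize

# A client that could not be queried is not a client without local admins.
foreach ($err in $unreachable) {
    Write-Warning "Not queried: $($err.Exception.Message)"
}
```

Clients listed in the warnings need to be checked again before the inventory is treated as complete.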