Enterprise admin should be severly restricted.from a group membership standpoint.
I would.be sceptical about why the person needs to be a member of that group. Ed On Dec 24, 2015 1:00 PM, "Heaton, Joseph@Wildlife" < [email protected]> wrote: > I’ve been approached recently to put one of my admins into the Enterprise > Admins group, because he used to have it, and thought he needed it for a > specific task. We recently cleaned up this group, and I’m hesitant to > re-add another admin, especially on the basis of “I used to have it”. We > currently are down to 3 users in the group, myself and two others. The > accounts used are our admin accounts, which are Domain Admins in addition > to Enterprise Admins. What I was wondering is this: > > > > Should we actually be using unique accounts just for the Enterprise Admin > role, or is the way we have it ok? Should we instead have a service > account placeholder in the Enterprise Admin group, and use that to either > do whatever work needs done, or to add ourselves as needed? I’d love to > hear what everyone out there is doing. > > > > Thanks, > > > > Joe Heaton > > Information Technology Operations Branch > > Data and Technology Division > > CA Department of Fish and Wildlife > > 1700 9th Street, 3rd Floor > > Sacramento, CA 95811 > > Desk: (916) 323-1284 > > > > Every Californian should conserve water. >
