Procmon on the services they are running comes to mind....figure out what processes they are using in task manager and filter Procmon to monitor those processes. That will give you a list of what they are doing, which you can look at and see what perms are required to do that. It will be a bit time consuming. Might be faster to off hours remove it and see what happens. :)
http://technet.microsoft.com/en-us/sysinternals/bb896645 I doubt your services need to be Domain Admins. Most software plays much better than that these days. Certainly there are exceptions. You could also toss up a list here of what software this is for if you want if that doesn't cause security concerns for you. I bet the collective will know about most of them. From: David Lum [mailto:[email protected]] Sent: Monday, January 09, 2012 12:41 PM To: NT System Admin Issues Subject: Domain Admin accounts We have several service accounts that are Domain Admin - is there any way to test for what permissions these accounts actually need short of "removing DA and see what happens?". I'm guessing no... David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
