Jul 25 2024 07:59 AM
Hi AD Brain trust,
I'm currently working on a security assessment for our internal AD environment. One of the item in the report is - Presence of Admin accounts which do not have the flag "This account is sensitive and cannot be delegated": 6
I'm struggling to understand the consequences of setting the flag for admin accounts. If anyone can shed some lights on the implications/recommendations to resolve this detection would be greatly appreciated !
Thank you!
Jul 29 2024 10:09 PM
Its a checkbox you can set on the AD user.
The general idea is not to allow other users to be able to use the permissions of your admin user.
There is a MS article that gives some more detail.