Sat. Jan 21st, 2023

Users with special privileges

The basic rule of thumb is to only afford users with the minimum level of access that they require in order to do their job.

Of course, different users perform different jobs, and need to access different resources. For this purpose, all networks feature users with special privileges – that is, privileges granted to them in addition to the base level afforded to all users.

When granting additional access rights to users, always check what the effective access rights will be – this is the result of all policies applied to the user. This is important as you may apply multiple policies to a single user, and this means other policies could overwrite the policy being implemented most recently.

It is advised to remove special privileges from accounts as soon as they are no longer required. The Active Directory User management tool built in to Windows Servers helps to keep users organised.