Cyber security Group for - Cyber Team

Hi folks,

I am working on creating a security group for the Cyber Team. I've been trying to remove their Domain Admin rights and create a security group, because I don't see a reason for Cyber having Domain Admins, but I am pondering what kind of rights they should have when they only read the security log, scan the network with Splunk and so on. They only scan and review the data, so I am kind of in need of your input on how I can approach this issue via security groups.

They are all upset with me because they don't want to lose their admin rights, and for me that is a big risk.


Your thoughts...


Thank you, Golpemortal.
 
We have a Cyber Security group within the DoD organization and I do not see the need for them to have Domain Admin, as their job is to view the DCs' security logs and scan the network with Splunk.... They do not need Domain Admin rights, especially when they don't know anything about sysadmin. Unless you think they need Domain Admins, and then do explain why. In my case, the only group that needs Domain Admin rights is System Administrators. I have seen some cyber users that deleted entire volumes in the storage by mistake, and I am trying to fix this very problem. The Cyber group should not have Domain Admin rights.... Too dangerous....
 
I frankly agree with SirDice on account of Windows administration.

But... for comparison with UNIX, the root account is generally limited to the machine... and it's possible to organize/limit daemon accounts if they want to do admin tasks on other machines.

Using that same logic (Yep, credit to UNIX as the originator! :P ), I think that OP is on the right track to create a special group with limited permissions.

Nope, users are not gonna like losing privileges (even over egregious mistakes like deleting a whole share via lack of attention), so OP will need to get some backing from above before making a move. I hate getting political in a technical forum, but the lack of Best Practices is just flabbergasting. :/
 