I recently had a penetration tester inform us that our domain computers security group was added as a member of the domain admins group. This seems like an incredibly risky move, and I'm trying to understand how serious of a security threat this actually poses. Should concerns about this lead someone to consider looking for a new job?
5 Answers
Honestly, this seems like a catastrophic oversight. Typically, you want strict limitations on who can access domain admin privileges. If the pen tester flagged this, it’s a red flag. Definitely worth considering if this environment is right for you.
This is impressively bad! It’s like allowing any computer to walk right in and do whatever they want with the domain. You should definitely remove this immediately and then address the consequences. Sit down with your team and fix it fast.
Yeah, having the SYSTEM account from all your domain PCs as a domain admin is like opening the door wide for attackers. It's a serious configuration issue. You definitely need to fix this as soon as possible, and maybe have a chat with management about it.
This is really bad news. It's not just a little oversight; it can lead to significant compromises. Essentially, if a single computer is compromised, the attackers gain domain admin access. You really need to act on this quickly—it's the kind of thing that screams for immediate correction.
Dude, this is major. You might want to start looking at other job options unless you want to keep dealing with such a disaster waiting to happen. It's not just about this issue; it raises questions about the overall management of your IT team.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures