Unique domain accounts with local administrative privileges, but without domain administrative privileges, are used for workstation and server management.
Topic
Local administrator accounts
Applicable to
all
History
Priority
must
Mar 2022
Removed
The recommendation to disable the use of local administrator accounts has been removed due to a conflict with the Essential Eight Maturity Model. Furthermore, the recommendation allowing any privileged account to bypass application control has been paired back to local administrator accounts and break glass accounts.
2017
Unique domain accounts with local administrative privileges, but without domainadministrative privileges, should be used for workstation and server management.