Protected User Group Access Issue

Abdulrahman 101 Reputation points
2022-09-19T07:18:27.887+00:00

When I add the domain admins to the protected user group, I immediately lose access to my internal systems. What could be the cause, and how can I keep them in this group, as it is best security practice by most of the GRCs?

Thanks.

Active Directory

Accepted answer
  1. Gary Reynolds 9,416 Reputation points
    2022-09-19T12:23:04.313+00:00

    Hi,

    When a user is added to the Protected Users group, a number of additional security constraints/restrictions are applied to the account, which can break existing functionality, especially if the account is used as a service account. One of the main restrictions that is applied is that NTLM authentication can't be used; if your applications are using NTLM then they will be inaccessible.

    Have a look at the article below which contains the details of the additional restrictions that are applied. You will need to check if your applications will be impacted by these restrictions.

    https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group

    Gary.
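
One way to run the impact check described in the answer above before adding accounts to Protected Users, as an added example that is not part of the original answer: it tallies NTLM credential validations (Security event 4776 on a domain controller) per account and source machine. The function name, the sample account and host names, and the assumption that credential validation auditing is enabled are all illustrative.

```powershell
# Added example: tally NTLM credential validations (Security event 4776, logged
# on domain controllers) for accounts you plan to put in Protected Users.
function Get-NtlmUseByAccount {
    param(
        [Parameter(Mandatory)][string[]]$EventXml,     # each item: $event.ToXml()
        [Parameter(Mandatory)][string[]]$AccountName   # sAMAccountNames to check
    )
    $hits = foreach ($raw in $EventXml) {
        $evt = ([xml]$raw).Event
        if ($evt.System['EventID'].InnerText -ne '4776') { continue }
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # Assumption: TargetUserName holds the bare account name (no domain part).
        if ($AccountName -contains $data['TargetUserName']) {
            [pscustomobject]@{ Account = $data['TargetUserName']
                               Source  = $data['Workstation'] }
        }
    }
    # One row per account/source pair; Source is the machine the NTLM logon came from.
    $hits | Group-Object Account, Source | ForEach-Object {
        [pscustomobject]@{ Account = $_.Group[0].Account
                           Source  = $_.Group[0].Source
                           Count   = $_.Count }
    }
}

# Constructed sample events (not real log data), trimmed to the fields used above.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4776</EventID></System>
  <EventData>
    <Data Name="TargetUserName">{0}</Data>
    <Data Name="Workstation">{1}</Data>
    <Data Name="Status">0x0</Data>
  </EventData>
</Event>
'@
$sample = @(
    $template -f 'adm-alice', 'APP01'
    $template -f 'adm-alice', 'APP01'
    $template -f 'adm-bob',   'FILE02'
    $template -f 'svc-web',   'WEB03'
)
Get-NtlmUseByAccount -EventXml $sample -AccountName 'adm-alice', 'adm-bob'

# Live use on a domain controller (needs the ActiveDirectory module):
# $admins = (Get-ADGroupMember 'Domain Admins' -Recursive).SamAccountName
# $xml    = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4776} -MaxEvents 5000 |
#               ForEach-Object { $_.ToXml() }
# Get-NtlmUseByAccount -EventXml $xml -AccountName $admins
```

Any account and source pair this reports is a place where access will stop working once the account is in Protected Users, so those applications need to move to Kerberos first.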

