SCOM BUILTIN\Administrators removal

Question

Hi All,

We are using SCOM 2019, as part of SCOM admin user restriction, is there any issues if we remove BUILTIN\Administrators from Operations Manager Administrators user roles and add new group which contains the required users who can access the SCOM including the service accounts?

Thanks in Advance
Fadil CK

Answer 1

Hi Fadil (@Fadil Ck ),

I know this, the presence of the group is labeled as a security violation in some cases:

The default Builtin\Administrators group must be removed from the SCOM Administrators Role Group.
https://www.stigviewer.com/stig/microsoft_scom/2021-03-15/finding/V-237437

You can do this, there is no issue with that, just make sure you add a group with permissions in SCOM first, so that you don't get locked out of the application.

Here one additional post on the topic, which also confirms what we just discussed:

SCOM Administrators
https://learn.microsoft.com/en-us/answers/questions/121182/scom-administrators.html

I hope I could you out with that!
Wish you a great day ahead!

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Stoyan Chalakov

Answer 2

Hi Fadil,

Yes, "BUILTIN\Administrators" refers to the local Admin group on every server. IT IS the local admin group. This means that if you have accounts in this group, which NEED Admin permisssions in SCOM, you have to add them to the new group that you will be configuring in SCOM.

Hope I could help you!

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Stoyan Chalakov