Native Administrative Group Members

With regard to privileged groups in Active Directory, there are very few cases where it's necessary to add an account to default administrative groups. Membership to these groups should be scrutinized and carefully justified.

Restrict privileged administrative group membership to a minimum.

Name: Native Administrative Group Members

Codename: C-NATIVE-ADM-GROUP-MEMBERS

Severity: Critical