Posted November 27, 2024Nov 27 FPCH Staff Request to enable the assignment of decrypt permissions to multiple groups independently. Currently, we can assign the decrypt permission to only one group. In our case, this requires a universal group in our forest containing both domain admins and Tier 2 admins. However, combining these two roles into a single group poses a security risk, as it increases the potential for mismanagement. Best practices generally advise against merging such privileged administrative groups. Because of this limitation we have disabled the new encryption feature. What are your thoughts on this? Thanks!
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.