Domain Administrators group includes non-default user

Risk Level: Low

Check or Attack Name: Domain Admin

Platforms: Windows NT

Description:

A user was found in the Domain Administrators group that is not typically a member of this group. Verify that the user should be a member of this group.

False Positives: If the user is a legitimate member of this group, then this is not a vulnerability.

Remedy:

If the user should not be a member of this group, remove the user from the group.

To remove a user from a group, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the user in the list.
  3. From the User menu, select Properties to display the User Properties dialog box.
  4. Select Groups.
  5. In the Member list, highlight Domain Administrators and select Remove.
  6. Click OK.
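
The membership check described above, written out as an added example (it is not part of the original advisory or of the tool that performs the check): it parses captured output of `net group "Domain Admins" /domain` and reports members that are not in a baseline. The baseline contents, the English-language output layout with 25-character name columns, and the sample account names are assumptions.

```python
import re

# Assumed baseline: accounts expected in the group. Here only the built-in
# Administrator account; extend this set for your own domain.
EXPECTED_MEMBERS = {"administrator"}

# Assumption: net.exe prints member names in fixed 25-character columns.
COLUMN_WIDTH = 25

def parse_net_group(output):
    """Return the member names from `net group "<name>" /domain` output."""
    members, in_members = [], False
    for line in output.splitlines():
        if not in_members:
            # The member table starts after the dashed separator line.
            in_members = bool(re.fullmatch(r"-{10,}\s*", line))
            continue
        if line.startswith("The command completed"):
            break
        # Slice fixed-width columns so names containing spaces stay intact.
        for i in range(0, len(line), COLUMN_WIDTH):
            name = line[i:i + COLUMN_WIDTH].strip()
            if name:
                members.append(name)
    return members

def unexpected_members(output, expected=EXPECTED_MEMBERS):
    """Members not in the baseline (account names are case-insensitive)."""
    baseline = {n.lower() for n in expected}
    return sorted(m for m in parse_net_group(output) if m.lower() not in baseline)

# Constructed sample output; the account names are made up.
SAMPLE = (
    "Group name     Domain Admins\n"
    "Comment        Designated administrators of the domain\n"
    "\n"
    "Members\n"
    "\n"
    + "-" * 79 + "\n"
    + "Administrator".ljust(25) + "backup svc".ljust(25) + "jsmith".ljust(25) + "\n"
    + "tempadmin".ljust(25) + "\n"
    + "The command completed successfully.\n"
)

if __name__ == "__main__":
    for name in unexpected_members(SAMPLE):
        print("Non-default member of Domain Admins:", name)
```

Each reported name still needs the manual verification the description calls for, since a legitimate administrator missing from the baseline is reported as well.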