Local Admin

stharathi · ‎09-19-2020

Hi,

If a user is added as local admin and also local admin group. What's the difference and is there any security risk?

Regards,

Shashank

gcusello · ‎09-20-2020

Hi @stharathi,

as @inventsekar said, your question isn't clear:

are you speaking of windows administrators or Splunk administrators?

if Windows, this isn't the right site to put this question;

if Splunk, in Splunk there's one level of administration by default, if you create different levels of administrators it's a your customization.

So if you want our opinion about creating two levels of administrators, the only answer can be: it depends on your architecture and organization.

In other words, you can create one or more administrators groups that manage only a part of infrastructure (e.g. one site each one), and a super admininstrator that manage all the infrastructure, but, as I said, it depends on your infrastructure and organization and it isn't possible to give an opinion without knowing them.

Generally I can say that, if you have a large infrastructure, it could be a good idea delegating part of administration to a second level administrators, but it gives to your organization more difficoulties in management and design of roles and grants.

Ciao.

Giuseppe

inventsekar · ‎09-19-2020

not sure i understand your question... can you please elaborate, Shashank @stharathi

Local Admin

administration

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk