- My concern here is for RDP we do have two factor enabled. But if the user do access the path via ... \\SERVERXXX\C$ , then are there any means that we can enable two-factor for them?
- Also an administrator can invoke these below from his desktop with Run As Administrator mode providing the Domain Administrator credentials to access the Domain services like - Services.msc - to shutdown and start any server services
- DSA.msc - to add delete users , computers in Windows AD
- DNSMGMT.msc - DNS Management
- DHCPMGMT.msc - DHCP Management
- GPMC.msc - group policy editing
- Web console based tools on SCCM management
Can we protect this with two FA?