every article just has hints about how to cope with GPOs but i need some input about the design of delegation rights.
Say i have an OU structure (it like this:
Servers - Exchange
Servers - SharePoint
Servers - Tier 1
Ok i do not delegate the "Domain controllers".
But if i delegate the "Servers - Tier 1" to 2 "Admin Accounts" and one of them get hacked. All my "Tier 1 servers" are kind of lost?
So is there any other possibility to restrict (without 3rd party) or secure the GPO delegation?