Is there a justification to add the domain admins group into the local Windows 10 administrators group. There seems to be a risk here or at least one risk anyway with adding these elevated accounts. We have the local administrator account enabled and are using LAPS to manage the password. We do have a desktop support account added to this group to manage the desktop.