During the build process for 20 new Windows 11 Pro laptops that will be joined to the company's Active Directory domain, a junior technician asks what to do with the local (non-domain) user accounts that Windows created during initial setup. According to Microsoft security best practices and CompTIA A+ guidance, how should local user accounts be handled on domain-joined workstations to reduce the attack surface?
Disable or remove local accounts and rely on domain credentials instead
Elevate the local accounts to the Administrators group for troubleshooting
Convert the local accounts to Microsoft accounts for single sign-on
Leave the local accounts enabled but enforce password rotation every 30 days
In a domain environment, authentication should occur through the domain controller so that password, lockout, and disablement policies are enforced centrally. Leaving unnecessary local accounts enabled creates a separate set of credentials that are not governed by Group Policy, making it harder to revoke access if a device is lost or an employee departs. Therefore, any unneeded local accounts-including the default Administrator or setup-created accounts-should be disabled or removed, keeping at most a single, unique emergency account that remains disabled until required. Elevating local accounts, converting them to Microsoft accounts, or merely rotating their passwords does not eliminate the exposure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why should local user accounts be disabled in an Active Directory domain?
Open an interactive chat with Bash
What is the role of a domain controller in an Active Directory environment?
Open an interactive chat with Bash
What are the security risks of relying on local accounts in a domain network?
Open an interactive chat with Bash
CompTIA A+ 220-1102 (V14)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .