Hello,

We've recently became aware of the existence of resetADSSPPassword.bat on our Server, which whilst I understand the need for, has been deemed a potential security risk by the business, so I've got to lock it down.

There's a few ways I can think of accomplishing this - modifying the permissions on the batch file, or even locking down who has access to RDP onto the server from anyone with admin permissions to one or two specific accounts, but is there any recommendations on how anyone else has done it, or even best practice from Manageengine?

And whilst I'm at it, is there any other security hardening we should be considering on the server in general?