At first glance, this heading might not make any sense. If all of my Group Policy data is stored on the DCs, and the GPMC gets installed by default on my DCs, why would I need to worry about installing the GPMC somewhere else? Won't I just log into a DC and launch the GPMC? Easy peasy, right?
DCs are critically important servers, arguably the most important servers in any network. They contain information that would be considered "keys to the kingdom," and security teams are turning more and more time and effort into making sure that their directory servers (DCs) are locked down and accessed only on an as-needed basis. In the past, pretty much anyone who worked in IT had a domain admin account that allowed ...