By default, the local Administrators group is mapped to a security profile winnt://<hostname of domain manager>/administrators with all class permissions set to Full Control.
Often this is undesired. Domain/Local Admins are not necessarily the same people who administer the ITCM environment.
What needs to be done to revoke the permissions from the local Administrators group and grant these permissions to one or more Active Directory groups/OUs?
Granting Full Control Permission to a group
Revoking Full Control Permissions for the Administrators group
Release: UASIT.99000-12-Asset Intelligence