|
Posted by bobm3 on February 16, 2008, 12:36 pm
Please log in for more thread options
Gents;
We have a compliance issue where our system admin is not supposed to
have access to certain shares.
Any ideas as to how we can accomplish this seemingly mutually
exclusive feat?
Thanks
|
|
Posted by Marcin on February 16, 2008, 1:39 pm
Please log in for more thread options
Ensure that the ownership of the underlying NTFS structure is transferred to
a non-Administrative user, deny access to Administrators, and turn on
auditing Take Ownership events...
hth
Marcin
|
|
Posted by Leythos on February 16, 2008, 2:34 pm
Please log in for more thread options @worthless.info says...
> Gents;
>
> We have a compliance issue where our system admin is not supposed to
> have access to certain shares.
>
> Any ideas as to how we can accomplish this seemingly mutually
> exclusive feat?
You can't, it's not possible to keep a administrator out of files.
Yes, you can block access, you can take away rights, you can log events,
but the fact remains that a ADMINISTRATOR can take them all back.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
|
|
Posted by Meinolf Weber on February 16, 2008, 3:27 pm
Please log in for more thread options Hello bobm3@worthless.info,
You can configure what you like, if she/he is administrator, everything she/he
can undo.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> Gents;
>
> We have a compliance issue where our system admin is not supposed to
> have access to certain shares.
>
> Any ideas as to how we can accomplish this seemingly mutually
> exclusive feat?
>
> Thanks
>
|
|
Posted by Anthony [MVP] on February 16, 2008, 8:06 pm
Please log in for more thread options Store the data on a workstation (non-domain),
Anthony,
http://www.airdesk.com
> Gents;
>
> We have a compliance issue where our system admin is not supposed to
> have access to certain shares.
>
> Any ideas as to how we can accomplish this seemingly mutually
> exclusive feat?
>
> Thanks
|
| Similar Threads | Posted | | admin shares and security | February 27, 2006, 10:30 am |
| Admin shares no longer accessible for users not in domain admins | April 22, 2006, 8:09 am |
| user cannot access shares | October 21, 2005, 12:30 pm |
| Re: user cannot access shares | October 25, 2005, 10:23 pm |
| Trusted NT domain users have full access to 2K3 server shares | January 23, 2007, 6:51 am |
| Shares, Named Pipes, and Registry for Anonymous Remote Access | February 23, 2007, 2:24 am |
| Remote event viewer access without being an admin? | April 28, 2008, 5:04 pm |
| Re: Admin access to roaming profiles (existing folders) | November 19, 2007, 11:32 am |
| Re: Admin access to roaming profiles (existing folders) | November 19, 2007, 11:20 am |
| Shares$ | December 14, 2005, 3:14 pm |
|
XML Sitemap