|
Posted by Anthony on April 4, 2007, 9:28 am
Please log in for more thread options
The domain admins group has a unique SID belonging to that specific domain,
so if the domain goes then that SID is meaningless and you won't have normal
access. However as a local administrator of the machine you will have the
right to take ownership of the folder and reset the permissions. This right
is contained in the default local security policy setting for User Rights
Assignment.
As a result it is futile to try to remove local admins from the permissions.
If they should not be able to get to the content then it needs to be on a
different server, or on a DC. The only thing it can achieve it:
- prevent casual browsing
- log to the Security Event Log if someone changes it and you have auditing
enabled (but if they log on as Administrator it does not tell you much)
Anthony
www.airdesk.co.uk
> Hi
>
> If I set certain folders/files permission to domain administrators only,
> and
> if the server gets damage and I have to reinstall a new server/domain
> controller and reset users. Will I be able to read the folders and files
> again.
>
> Many thanks in advance
> Richard
>
>
>
| 
XML Sitemap