Controlling Admin Access

From: Michael Cox (mscox42_at_yahoo.com)
Date: 01/30/04

  • Next message: Evan Mann: "RE: Controlling Admin Access" 
    Date: Fri, 30 Jan 2004 11:56:12 -0800 (PST)
To: focus-ms@securityfocus.com

    I'd like to solicit the group's input on the
    following.

    Domain administrators, by definition, are going to
    have complete access to member computers.

    Is anyone doing anything to mitigate the potential
    risks involved with access to, say, an executive's
    computer which could have very sensitive data on it
    (mergers and acquisitions, for example)?

    One obvious answer is encryption, but I'm curious what
    is available in the Windows world as I'm not as
    familiar with that.

    Even if something like object level auditing was
    enabled and the logs sent to a remote host, couldn't
    the admin, as a first step, disable this logging?

    Please answer both 1) what is possible, and 2) what is
    your organization or other organizations you know of
    doing about this (if anything).

    Many thanks in advance!

    Michael

    __________________________________
    Do you Yahoo!?
    Yahoo! SiteBuilder - Free web site building tool. Try it!
    http://webhosting.yahoo.com/ps/sb/

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Evan Mann: "RE: Controlling Admin Access"