Re: Controlling Admin Access
From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 02/02/04
- Previous message: Evan Mann: "RE: Controlling Admin Access"
- In reply to: Michael Cox: "Controlling Admin Access"
- Next in thread: Michael Bitow: "RE: Controlling Admin Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 2 Feb 2004 10:18:58 -0800 (PST) To: Michael Cox <mscox42@yahoo.com>, focus-ms@securityfocus.com
Michael,
I get the feeling that there is a lot more involved
here than simply sensitive information on an exec's
hard drive. Maybe it would be better if you could
provide an overall view of your requirements...the
reason being that as you point out single, discrete
possibilities, you're going to get single, discrete
responses. In the long run, some may end up
contradicting each other.
Also, you may want to address through a non-technical
means. For example, NDAs can be very effective.
Just a thought,
Harlan
--- Michael Cox <mscox42@yahoo.com> wrote:
> I'd like to solicit the group's input on the
> following.
>
> Domain administrators, by definition, are going to
> have complete access to member computers.
>
> Is anyone doing anything to mitigate the potential
> risks involved with access to, say, an executive's
> computer which could have very sensitive data on it
> (mergers and acquisitions, for example)?
>
> One obvious answer is encryption, but I'm curious
> what
> is available in the Windows world as I'm not as
> familiar with that.
>
> Even if something like object level auditing was
> enabled and the logs sent to a remote host, couldn't
> the admin, as a first step, disable this logging?
>
> Please answer both 1) what is possible, and 2) what
> is
> your organization or other organizations you know of
> doing about this (if anything).
>
> Many thanks in advance!
>
> Michael
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free web site building tool.
> Try it!
> http://webhosting.yahoo.com/ps/sb/
>
>
---------------------------------------------------------------------------
>
---------------------------------------------------------------------------
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Evan Mann: "RE: Controlling Admin Access"
- In reply to: Michael Cox: "Controlling Admin Access"
- Next in thread: Michael Bitow: "RE: Controlling Admin Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
