RE: Controlling Admin Access

From: Pidgorny, Slav (slav.pidgorny_at_anz.com)
Date: 02/03/04

  • Next message: Micheal Patterson: "MS 2000 DUN Connection Name issue" 
    Date: Tue, 3 Feb 2004 10:21:43 +1100
To: "Michael Cox" <mscox42@yahoo.com>, <focus-ms@securityfocus.com>

    Inline:

    > -----Original Message-----
    > From: Michael Cox [mailto:mscox42@yahoo.com]

    > Is anyone doing anything to mitigate the potential
    > risks involved with access to, say, an executive's
    > computer which could have very sensitive data on it
    > (mergers and acquisitions, for example)?

    I think that executive staff should trust to some IT support personnel, to start with. Considering the requirements for backing up and sharing such information, I cannot imagine such information stored and maintained securely on a desktop/laptop system by the executives.

    > One obvious answer is encryption, but I'm curious what
    > is available in the Windows world as I'm not as
    > familiar with that.

    Windows EFS (Encrypting File System, an NTFS feature) gives you one obvious option - see, for example, www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp

    You can - and should - consider Windows Rights Management Services (http://www.microsoft.com/windowsserver2003/techinfo/overview/rm.mspx)

    For both, you can restrict domain admins from viewing classified data. Of course, you should plan for disaster recovery carefully.

    HTH,

    Svyatoslav Pidgorny, MS MVP, MCSE

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Micheal Patterson: "MS 2000 DUN Connection Name issue"