RE: Controlling Admin Access
From: Houston, Scott (Scott.Houston_at_acs-inc.com)
Date: 02/02/04
- Previous message: Micheal Patterson: "MS 2000 DUN Connection Name issue"
- Maybe in reply to: Michael Cox: "Controlling Admin Access"
- Next in thread: marco2: "RE: Controlling Admin Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: 'Harlan Carvey' <keydet89@yahoo.com>, Michael Cox <mscox42@yahoo.com>, focus-ms@securityfocus.com Date: Mon, 2 Feb 2004 14:09:06 -0800
Our organization tends to deal with such things via the normal security
means that an operating system has to offer as well as NDAs and keeping a
tight control on who has access to network resources when the data is highly
sensative.
In my opinion, if the data is so sensative that it's questionable whether or
not domain/system administrators should have access to it, it probably
shouldn't be on a network-attached device.
--- Michael Cox <mscox42@yahoo.com> wrote:
> I'd like to solicit the group's input on the
> following.
>
> Domain administrators, by definition, are going to
> have complete access to member computers.
>
> Is anyone doing anything to mitigate the potential
> risks involved with access to, say, an executive's
> computer which could have very sensitive data on it
> (mergers and acquisitions, for example)?
>
> One obvious answer is encryption, but I'm curious
> what
> is available in the Windows world as I'm not as
> familiar with that.
>
> Even if something like object level auditing was
> enabled and the logs sent to a remote host, couldn't
> the admin, as a first step, disable this logging?
>
> Please answer both 1) what is possible, and 2) what
> is
> your organization or other organizations you know of
> doing about this (if anything).
>
> Many thanks in advance!
>
> Michael
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free web site building tool.
> Try it!
> http://webhosting.yahoo.com/ps/sb/
>
>
---------------------------------------------------------------------------
>
---------------------------------------------------------------------------
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Micheal Patterson: "MS 2000 DUN Connection Name issue"
- Maybe in reply to: Michael Cox: "Controlling Admin Access"
- Next in thread: marco2: "RE: Controlling Admin Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
