Securing workstations from IT guys

It's a catch 22 situation and I need to make our Windows Xp workstations appropriately secure. Secure from rogue Helpdesk personnel as well as network admins.
The HR guys are complaining that their 'offer' letters to prospective employees and some of the CVs that they recieve are finding their way into unwanted hands. I suspect both HR application vulnerability, for which I am undertaking some vulnerability analysis but I also need to protect the PCs that belong to Dept. of HR employees from rogue IT guys.

Here are the basics of what I intend to do:
1. Advise all HR users to shutdown their PC before they leave for the day.
2. Change all Local Admin passwords so that even IT helpdesk/other doesn't know them.
3. Advise HR guys to assign passwords to their excel/word files.
3. Do not create shares off c drive giving 'everyone' access.

But...because they are all connected to Windows 2003 domain, I still risk someone from domain admin group to be able to start C$/D$ share and browse into their c: drive, what should I do?

Also, it's easy to crack open xls/doc passwords, what else can be done?

Alternatively, Is there an auditing on PC that can be enabled to track/log incoming connections to C$ and pop up and alert whenever someone tries it out from a remote machine.

Pls advise!!

Relevant Pages

  • Re: New possible user
    ... I'm saying you may be (you don't ... windows exposure, given the right atmosphere (I mentioned that, sociable ... run the apps and is comfortable for the people that admin it. ...
    (comp.unix.questions)
  • [Full-Disclosure] Dcom.c - (Shutting it down on 5,000 systems) - a Paul Schmehl Post
    ... If you're an admin and haven't touched this one ... clown...cause they analyze security threats and take actions. ... hasn't entered the Windows world in a secure implementation (that I'm ... A fantasy world exists on every campus where the belief is ...
    (Full-Disclosure)
  • Re: [opensuse] OpenSuse 11
    ... My parents have pulled off such a feat -- they've never had any security issues, and of the people I know, they are the least computer literate. ... Do they run as admin or user? ... The matter of Windows having deliberate in-built backdoors has been mooted for quite some time. ... ZoneAlarm, for example, is one such security applications. ...
    (SuSE)
  • RE: Windows NT Desktop
    ... This is not a mailing list where we tell you how to hack. ... Notwithstanding, Windows NT does not support USB devices, so unless the BIOS ... However, if the admin is any good, he will have locked ...
    (Focus-Microsoft)
  • Re: Funny - any comments?
    ... wanted to approach management about this issue. ... > is better than a slapped together system where IT staff simply must know ... >> The actual issue is the Exchange email server is in one Windows ... If absolutely necessary, the admin could ...
    (microsoft.public.security)
Quantcast