Re: Keep domain admin from being able to take ownership
From: *Vanguard* (no-email_at_post-reply-in-newsgroup.invalid)
Date: 03/31/04
- Next message: scott: "Re: password protection for windows 98"
- Previous message: Michal: "Spy Bot freeze"
- Maybe in reply to: a_non_y_mous_at_discussions.microsoft.com: "Keep domain admin from being able to take ownership"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Mar 2004 14:07:39 -0600
"Russell White" said in news:O7kOtkzFEHA.3764@TK2MSFTNGP12.phx.gbl:
> Greetings.
>
> "Is it possible to make it impossible for a domain admin to take
> ownership of a folder and it's contents?"
No. Instead use EFS. I believe the current owner of the file/folder can dictate who has access *into* an EFS-protected file. The admin users can still take ownership and change permissions but they cannot read the contents of the file. I know that I've done this on Windows 2000 (which assigns Administrator as the default recovery agent whereas Windows XP does not) where my account could read the EFS-protected file but the Administrator could not. Be sure to export the EFS certificate to a floppy and lock it up somewhere.
- Next message: scott: "Re: password protection for windows 98"
- Previous message: Michal: "Spy Bot freeze"
- Maybe in reply to: a_non_y_mous_at_discussions.microsoft.com: "Keep domain admin from being able to take ownership"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
