Re: security paradox

From: flex (info@entyerprisecomputernet.com)
Date: 09/29/02 

From: "flex" <info@entyerprisecomputernet.com>
Date: Sun, 29 Sep 2002 03:03:21 GMT

"Greg Lorriman" <temp@lorriman.com> wrote in message
news:OCtPetlZCHA.3736@tkmsftngp08...
>
> I'm the admin on a small network. I have admin rights on the NT box and
all
> the attached computers. This allows me access to very sensitive
information.
> I don't want access to that information.
>
> In order to avoid this problem I get a "Server Operator" account, and the
> admin password is changed and only known to the managing director. The
> managing director is not technical, but is capable of typing the password
as
> needed, with a 3rd person to act as a "chaperone" during any period that
> admin access is needed by myself.
>
> However this system is unworkable since admin access is required more
> frequently than anticipated; the MD is constantly being troubled and the
3rd
> person is fed up and bored.
>
> How is this conundrum usually dealt with? AFAICS admin access is too
> powerful, and I don't know of a "step down" that will allow server
> administration while disallowing user folder access.
>
> This must be a nightmare in a large network with multiple admins.
>
> The system to which I refer is an NT server with win2k clients. The info
to
> which I am referring is that which newspapers would be interested in and
so
> this conundrum and a need for a solution is causing myself and my boss
some
> anxiety. It's not so much that I can't trust myself, but that there is no
> real reason why the persons effected by this security issue should trust
me,
> and nor anyone who might replace me. There's is also the issue of leak
> detection : by having just one individual with the admin password
restricts
> accountability somewhat. If an enquiry were launched into a breach of
> security myself and my boss want to be as protected as possible.
>
> Anyone got more of a clue than we have?
>
> A decent book recommendation would be lovely too!
>
> Greg
>
>
>
>
>
Have the person who owns this information encrypt it. End of problem

Flex

Relevant Pages

  • Re: Certification Question
    ... someone they won't hardly look at you unless you have a MCSA and CCNA ... Basically, understanding basic server protocols, ... functions (helpdesk, server admin, network/internet admin). ... The CCNA will allow you to understand basic network ...
    (comp.dcom.sys.cisco)
  • Re: Vista Bus to SBS2003R2 connectcomputer problems . . .
    ... On the Vista Workstation, right click on the IE icon on the desktop and choose run as Adminstrator ... protected mode also add the server FQDN or IP to the list of trusted sites. ... Also tried all flavours of running the procedure with admin rights. ... Small Business Server Network Configuration Wizard: ...
    (microsoft.public.windows.server.sbs)
  • Re: New At Network Configuration
    ... server and joined it to the DC. ... considered running a hardware firewall instead? ... You only need one internal network, and the machines on it only need ... workstaions connect via the admin computer to the network ...
    (microsoft.public.windows.server.networking)
  • Re: Administrator Cant log into a DC unless the DC can see a GC
    ... with an admin being denied access to a resource because a GC is unavailable. ... This provides a situation where none admins can gain access to the network ... As long as the non-GC server can see a GC server then I can use ... >> administrator account and log in fine. ...
    (microsoft.public.win2000.active_directory)
  • I have an unusual upgrade scenario. Please advise.
    ... strip out Exchange 2000 from the AD before you start. ... >I'm an ex-NT4 administrator that hasn't done much admin ... >previous network admin has left me with a bit of a mess ... >The last admin attempted to add an Exchange 2000 server ...
    (microsoft.public.exchange.setup)
Loading