"Is it possible to make it impossible for a domain admin to take ownership of a folder and it's contents?"
anonymous_at_discussions.microsoft.com
Date: 03/31/04
- Next message: Venkat: "DPAPI and services.exe"
- Previous message: anonymous_at_discussions.microsoft.com: "MS Word doc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Mar 2004 13:39:20 -0800
zip the files and use a strong encryption (not the windows
one, its flaky!) program on the zip file. The standard zip
password protection is not very strong.
>-----Original Message-----
>Greetings.
>
>"Is it possible to make it impossible for a domain admin
to take ownership
>of a folder and it's contents?"
>
>this question can also be phrased as...
>
>"is it possible to make something accessible only to one
user and no one
>else (including domain admin) can either change
permissions, take ownership,
>etc."? It seems to me this is not possible - that domain
admin can always
>take ownership of these files.
>
>The powers that be want one directory on our win2ksbs
server to be
>accessible only by a user, "fred". The domain admin
should not have access
>to this file nor should he be able to change permissions
nor should he be
>able to take ownership (thus allowing him to change
permissions).
>
>So it would appear to me that it is impossible (and for
good reason I would
>think) to make it impossible for domain admin to access a
certain directory
>because he could always take ownership of this directory
and then change
>permissions and then access the file.
>
>Is this true? Is it possible to make it impossible for a
domain admin to
>take ownership of a folder and it's contents?
>
>
>Thanks in advance,
>
>Russ White
>
>
>
>.
>
- Next message: Venkat: "DPAPI and services.exe"
- Previous message: anonymous_at_discussions.microsoft.com: "MS Word doc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
