Re: Administrator rights to folder
From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 03/09/04
- Next message: Phil Bailey: "Thoughts on SMIME ?"
- Previous message: Mike [MSFT]: "RE: VPN access and certs"
- In reply to: Tomppa: "Re: Administrator rights to folder"
- Next in thread: Tomppa: "Re: Administrator rights to folder"
- Reply: Tomppa: "Re: Administrator rights to folder"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 9 Mar 2004 12:58:57 -0800
Are you an administrator? If not, that could explain the grey.
The 1030's and 1058's are probably from policy failing to apply. What are
the messages?
-- Drew Cooper [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. "Tomppa" <tofors99@hotmail.com> wrote in message news:u6bVIPaBEHA.1796@TK2MSFTNGP12.phx.gbl... > The Audit Object Access is grey and canīt be changed and I have a lot of > error 1030 and 1058 in the application log. Have tried to fix 1030,1058 no > luck. > > Any ideas? > > Tomppa > > "Drew Cooper [MSFT]" <dcoop@online.microsoft.com> skrev i meddelandet > news:OqZQm9UBEHA.3852@TK2MSFTNGP10.phx.gbl... > > There's pretty good documentation about how auditing works. Here's one > > example of the Win2k docs: > > > http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/acl_audit_file_folder.htm > > > > Help and Support on XP/Server 2003 is actually helpful, too. Or you can > > always google for more information ("site:microsoft.com" will give you > only > > hits from Microsoft). > > -- > > Drew Cooper [MSFT] > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > > > > "Tomppa" <tofors99@hotmail.com> wrote in message > > news:Ope92FRBEHA.1600@tk2msftngp13.phx.gbl... > > > Hi! > > > Auditing sound like a good start. Have activated auting on a test folder > > for > > > the administrator. But what do I have to do more, to get success/failure > > > events in the event log? > > > > > > Tomppa > > > > > > > > > "Drew Cooper [MSFT]" <dcoop@online.microsoft.com> skrev i meddelandet > > > news:%23UatYqvAEHA.2800@tk2msftngp13.phx.gbl... > > > > Regardless, a domain admin can install a keystroke logger or a filter > > > driver > > > > that snoops files as they are opened. Encryption doesn't really stop > an > > > > admin if the file is ever opened again (or, perhaps if the user ever > > logs > > > > onto a domain machine again). > > > > If you want to see what your admins do to files, use auditing. Even > if > > > they > > > > clear the log, there will be a log of their clearing it. > > > > If you don't trust them at all they probably shouldn't be admins. > > > > -- > > > > Drew Cooper [MSFT] > > > > This posting is provided "AS IS" with no warranties, and confers no > > > rights. > > > > > > > > > > > > "Dusko Savatovic" <savatovic.removespam@hotmail.com> wrote in message > > > > news:e6E90$rAEHA.3352@TK2MSFTNGP09.phx.gbl... > > > > > They can hide stuff if they use encryption. > > > > > However, if they use EFS in domain environment, it might be possible > > for > > > > > domain admins to recover encrypted content. > > > > > > > > > > In order to prevent casual recovery in domain environment, the > > creation > > > of > > > > > recovery agents should be strictly monitored and EFS recovery > > > certificate > > > > > should be exported (with option "Delete private key if export is > > > > > successful") from the user Administrator of the > > > > > First-root-domain-controller. > > > > > > > > > > Also, the security is not just setting permissions and encryption. > It > > is > > > a > > > > > process of constant monitoring, evaluation and adaptation to new > > > > situations. > > > > > Think of it as leaving expensive, secure ATM full of money in the > open > > > > field > > > > > without any supervision. > > > > > > > > > > Dusko Savatovic > > > > > > > > > > > > > > > > > > > > "Tomppa" <tofors99@hotmail.com> wrote in message > > > > > news:O2DHX9nAEHA.1452@TK2MSFTNGP09.phx.gbl... > > > > > > So the companyīs "leadgroup" canīt "hide" anything from the domain > > > > > > admin....... > > > > > > > > > > > > Tomppa > > > > > > > > > > > > "Drew Cooper [MSFT]" <dcoop@online.microsoft.com> skrev i > > meddelandet > > > > > > news:ezdI5niAEHA.2316@TK2MSFTNGP10.phx.gbl... > > > > > > > You can't. That's what it means to be a domain administrator. > > > > > > > -- > > > > > > > Drew Cooper [MSFT] > > > > > > > This posting is provided "AS IS" with no warranties, and confers > > no > > > > > > rights. > > > > > > > > > > > > > > > > > > > > > "Tomppa" <tofors99@hotmail.com> wrote in message > > > > > > > news:OlLaG4eAEHA.1456@TK2MSFTNGP09.phx.gbl... > > > > > > > > Hi > > > > > > > > > > > > > > > > Can I prevent a Domain admin to have access to a folder on the > > DC? > > > > > > > > If I only give access to user "Bill" the administra still can > > > right > > > > > > click > > > > > > > > the folder and give himself more rights. > > > > > > > > > > > > > > > > Tomppa > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: Phil Bailey: "Thoughts on SMIME ?"
- Previous message: Mike [MSFT]: "RE: VPN access and certs"
- In reply to: Tomppa: "Re: Administrator rights to folder"
- Next in thread: Tomppa: "Re: Administrator rights to folder"
- Reply: Tomppa: "Re: Administrator rights to folder"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
