Re: "Is it possible to make it impossible for a domain admin to take ownership of a folder and its contents?"

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 04/01/04

    Date: Wed, 31 Mar 2004 14:38:24 -0800
    
    

    DRA needed on Win2k only. XP and 2003 can encrypt with no DRA.

    And there are still ways for an administrator to access the file the next
    time it is opened. Domain admins have absolute control over the domain.

    -- 
    Drew Cooper [MSFT]
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    news:OAloYnzFEHA.3724@TK2MSFTNGP11.phx.gbl...
    > Try to encrypt the files, as long as the administrator is not the DRA for
    > the encryption. However, there needs to be a DRA for the encryption to
    > work.
    >
    > -- 
    > Derek Melber
    > BrainCore.Net
    > derekm@braincore.net
    > "Russell White" <rwhite@cascodev.com> wrote in message
    > news:%23F5sXlzFEHA.3568@tk2msftngp13.phx.gbl...
    > >
    > >
    > > Greetings.
    > >
    > > "Is it possible to make it impossible for a domain admin to take ownership
    > > of a folder and its contents?"
    > >
    > > this question can also be phrased as...
    > >
    > > "is it possible to make something accessible only to one user and no one
    > > else (including domain admin) can either change permissions, take ownership,
    > > etc."?  It seems to me this is not possible - that domain admin can always
    > > take ownership of these files.
    > >
    > > The powers that be want one directory on our win2ksbs server to be
    > > accessible only by a user, "fred".  The domain admin should not have access
    > > to this file nor should he be able to change permissions nor should he be
    > > able to take ownership (thus allowing him to change permissions).
    > >
    > > So it would appear to me that it is impossible (and for good reason I would
    > > think) to make it impossible for domain admin to access a certain directory
    > > because he could always take ownership of this directory and then change
    > > permissions and then access the file.
    > >
    > > Is this true?  Is it possible to make it impossible for a domain admin to
    > > take ownership of a folder and its contents?
    > >
    > >
    > > Thanks in advance,
    > >
    > > Russ White
    
