Re: restrict administrator to access system without my permission through rdp

If you are saying that untrusted parties have Domain Admin accounts,
whether due to outsourcing or poor hiring actions, then you have a
fundemental business operations problem. Do not look to computer
infrastructure technologies to cure those, as in this specific case it
cannot. We could tell you how to make it difficult, some would say
make it as you have initially asked. But we know it is not waterproof,
and the privacy you want would or could leak right out, that is, they
would/could get the access again. Things would be worse however
as you would be under the impression they could not be doing what
they had reestablished their ability to do.
Your best technical approach is to regain trusted control over your
domain - know all administrative accounts' holders and revoke/disable
any that exceed your comfort level. Vendors do not need fulltime
domain admin accounts. I do not even "lend" them one when they
are on-site, but require that they guide someone using a domain admin
account when they insist use of one is necessary.
When you prune administrative access to trusted people, removing
the excess, also force all that remain to undergo password change
to a long, strong phrase (as a personnel agreement with them).

"Arr Ell" <arrell@xxxxxxxxx> wrote in message
news:1150434593.716510.247230@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Well the problem is with my domain, i need all the systems attached to
domain because of some certain reasons, we are getting service of
networking , h/w , s/w from third party and we have some security
concerns over some critical systems like audit , hr so i just dont want
them to be accessed by anyone by any mean or just have a control over
it as domain controller ...
i think this would give you the better idea of my requirement
bye

Steven L Umbach wrote:
You can't as long as the computer is a domain member. If there is a
security
concern take it up with your supervisor as how to proceed. If there is a
legitimate concern then maybe you can have your computer removed from the
domain. --- Steve


"Arr Ell" <arrell@xxxxxxxxx> wrote in message
news:1150368555.313852.3940@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
how can i restrict domain administrators to not monitor or use my
system in a domain




.

Relevant Pages

  • Re: Big Problem w/ Admin accounts locked out
    ... domain administrator password. ... are you getting a lockout error on login or bad password? ... account (which has Domain Admin rights) to Server Management --> ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot Decrypt Files
    ... I notice it has been said that Domain Admin accounts ... are not DRA, ... >> some files and folders have been encrypted and will not copy to a remote ...
    (microsoft.public.win2000.security)
  • Re: Big Problem w/ Admin accounts locked out
    ... using remote desktop with a power user account. ... account (which has Domain Admin rights) to Server Management --> Users, ... login but with it's lower privileges, we can't do anything with the ...
    (microsoft.public.windows.server.sbs)
  • Re: Running Login Script Problems
    ... I only create domain admin accounts from the server to use on the workstations. ...
    (microsoft.public.win2000.networking)