Re: How can admin not have access to certain shares?

On Tue, 26 Feb 2008 05:57:44 -0500, Leythos <void@xxxxxxxxxxx> wrote:

In article <#ICbOwMdIHA.2404@xxxxxxxxxxxxxxxxxxxx>, anthony@xxxxxxxxxxxx
says...
If you want data to be outside the scope of a domain administrator, it is
fairly obvious that you need to put the data outside the domain.
Auditing the data so that you are alerted when someone accesses it is
different. It is like putting the burglar in charge of setting the alarm.
Anthony
http://www.airdesk.com

Nope, and that would violate most auditing compliance programs out
there.

If you don't trust the administrator then you're screwed to start with.

No matter where you put the data you are doing to have to back it up,
maintain it, administer it, etc.... Someone has to do that, and you have
to trust that person(s).

As the OP of this thread I appreciate all the banter. Most, perhaps
all, of it is valid. The untrusted admin is easy: reassign or
relieve. My experience is that most of the IT people are reliable,
honest and productive. But due to others, primarily large shops like
Enron, the feds are requiring everyone, especially facilities that
have any federal involvement, to be significantly overburdened with
the same rules as these alleged corrupt entities.

I/we trust our admis as he has been instrumental in designing,
defining and managing a reasonably well tuned and managed network
infrastructure. Other departments create and maintain various
documents which, in an effort to control security and access, are
stored on a NAS/SAN within our domain. Some of these docs MIGHT
contain non-public information, and we are being REQUIRED to eliminate
all access to these documents in any way for any purpose by our admin.
And the kicker... we only have ONE admin in a four person shop and the
manager is not allowed to have any system access whatsoever other than
user.

So you see where this original request comes from. But hey, bigger is
better, right?
.

Relevant Pages

  • Re: Handling Sysads resignation/termination
    ... the admin is out-- what is the ... your HR department and your firm's Attorneys ... You can't protect yourself against the actions of one in a trusted position ... the breech of trust has taken place. ...
    (Pen-Test)
  • Re: Child Domain Setup Quiestion
    ... The trust created is Bidirection, Implecit, Transitive trust between domains ... There are three levels of Administration in a windows 2003 based ... 1] Enterprise Admin - have admin previlages to all the domains in the forest. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Running VSTO on Terminal Server
    ... The solution is that although the Configuration tool appears to be working ... I had a net admin make the change to ... Microsoft.Web.Services.dll and again I was unable to establish trust for the ... > I also added a full trust policy at the level of the VS projects directory ...
    (microsoft.public.vsnet.vstools.office)
  • Re: software to control domain administrators
    ... "If I can't trust my admin he/she shouldn't be one" is an archaic school ... enterprise administrators are less and less common in favor of dividing ...
    (Security-Basics)
  • Re: ? about google toolbar
    ... Chuck,,THanks for your help-Yes I do trust ... >>install it but would not allow it. ... >Can you trust your daughter? ... running an admin ...
    (microsoft.public.security)