Re: Controlling IT manager access?

If he is going to be the domain admin, anything you can do to restrict him
he as a domain admin can undo.

The most important thing to consider when hiring a domain admin is "Can I
trust Him/her".

Hire somebody you can trust.

Otherwise you can set up auditing on the critical files. This could let you
know they have been accessed but it's afterwards.


<decc@xxxxxxxxxxx> wrote in message
I am the business manager for a small business and have been doing all
accounting and IT functions myself. I am considering hiring someone
to take on the majority of these tasks so will need this employee to
perform domain admin functions but I need to restrict access to
payroll and other HR files. Suggestions on how best accomplish this
would be greatly appreciated. The LAN is made up of a single server
running Server 2003 Standard SP2 with 11 XP Pro SP2 PC's.




Relevant Pages

  • Re: Domain Admins restriction
    ... > There is no such thing as a restricted domain administrator. ... >> few user files I want to restrict him from. ... >> I tried Domain Admin to the folders and then adding ... >> his name to these folder and restricting access, ...
  • RE: Restrict the Domain Admin
    ... Give one set of rights to internal audit and another to ... Have a change process to get access to the domain admin account on the ... Subject: Restrict the Domain Admin ... Aren't these proceedural controls and not technical? ...
  • Re: Restrict User account creation
    ... Even if you find a way to restrict him as domain admin, he also has the right to undo your restrictions. ... So make him normal user and delegate control. ... neccessary rights. ...
  • Re: Restrict Domain admins for Remote Desktop
    ... restrict users in same groups then either set up another security group, ... Administrators from using Remote Desktop onto my computer. ... want to restrict a domain admin and an administrator without ... restricting myself as I am also a domain admin and administrator. ...
  • Re: Client Access Rights
    ... This would only be a problem if the users in question had domain admin ... rights. ... > Note that while this will work in general, ultimately you can not restrict ... > separate domains or better yet separate forests. ...