Re: Can I hide my personal information from administrators of a domain?

From: Dmitriy Kopnichev (kopn_at_hotbox.ru)
Date: 11/04/03 

Date: Tue, 4 Nov 2003 09:53:02 +0300

I don't use my domain account. I connect to a domain server from my local
account. The domain administrator says that I should be in our domain for
being able to open domain servers with my two IP address configuration. Is
this bluff? Can I restrict access to my computer for domain administrators?
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:eCZJ0KboDHA.2592@TK2MSFTNGP10.phx.gbl...
> There are two policies, in the User Rights
> Log on locally
> and
> Access this computer from the network
>
> Any account not listed in these cannot access
> your machine, except to extent that anonymous
> null sessions are allowed. These can also be
> restricted by use of policies in the Security
> Options with local policy.
>
> When you are in a domain, anything that you
> set in local policy can be overridden from the
> domain level.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> news:OK2iXkMoDHA.1072@TK2MSFTNGP09.phx.gbl...
> > How to know what groups and account have any access to my computer?
> There's
> > no a domain account other than mine in "Users Accounts".
> > "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
> > news:ebcoovJoDHA.3256@tk2msftngp13.phx.gbl...
> > > Look at the NTFS perrmissions to see aht groups/accounts
> > > are granted access, and compare this to the accounts that
> > > are members in those groups. In default, Domain Admins
> > > are members of the local Administrators group, but they could
> > > be added into other groups.
> > >
> > > --
> > > Roger Abell
> > > Microsoft MVP (Windows Server System: Security)
> > > MCDBA, MCSE W2k3+W2k+Nt4
> > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > news:%23nHSLbunDHA.2432@TK2MSFTNGP10.phx.gbl...
> > > > How to know if domain admin has access to the info?
> > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > > news:%231oS4WWnDHA.2244@TK2MSFTNGP12.phx.gbl...
> > > > > If you have info stored on the local machine, and some
> > > > > account (domain admin or any other) has access to the
> > > > > info, it does not matter what account owns the info nor
> > > > > whether that account is or is not logged in.
> > > > > You can set permissions so that domain admins do not
> > > > > have access to some files/folders. You can also make it
> > > > > more difficult for domain admins to log into your machine
> > > > > (locally or over the network) but if they really want to get
> > > > > at something on your machine they can if the domain is
> > > > > W2k or later.
> > > > >
> > > > > --
> > > > > Roger Abell
> > > > > Microsoft MVP (Windows Server System: Security)
> > > > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > > news:uW6WZsVnDHA.1096@TK2MSFTNGP11.phx.gbl...
> > > > > > Can the domain administrators see my information even when I'm
not
> > > > logged
> > > > > on
> > > > > > to a domain account but to a local account? Keeping the
> information
> > on
> > > a
> > > > > > removable disk is not convenient. The only thing I need in the
> > domain
> > > is
> > > > a
> > > > > > network exchange disk.
> > > > > > "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
> > > > > > news:OkkrYrUnDHA.2592@TK2MSFTNGP10.phx.gbl...
> > > > > > > > Can I hide my personal information from administrators of a
> > domain
> > > > in
> > > > > > > which
> > > > > > > > my computer is?
> > > > > > >
> > > > > > > Copy the information to disk, then delete it.
> > > > > > >
> > > > > > > > Or how to share a folder on my computer with other members
> > > > > > > > of the domain?
> > > > > > >
> > > > > > > Description of File Sharing and Permissions in Windows XP
> > [Q304040]
> > > > > > > http://support.microsoft.com/?kbid=304040
> > > > > > >
> > > > > > > --
> > > > > > > Best of Luck,
> > > > > > >
> > > > > > > Rick Rogers aka "Nutcase" MS-MVP - Win9x
> > > > > > > Windows isn't rocket science! That's my other hobby!
> > > > > > > http://mvp.support.microsoft.com/
> > > > > > > Associate Expert - WinXP - Expert Zone
> > > > > > > www.microsoft.com/windowsxp/expertzone
> > > > > > > Win98 Help - www.rickrogers.org
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Permissions for folders shared accross the network
    ... If you want to maintain multiple users on ... multiple computers, you have to add an account / password, identical on each ... Win2K Server OS - you can't do domain server with XP Pro. ...
    (microsoft.public.windowsxp.network_web)
  • New domain is using old domain for Exchange 2000 only
    ... New domain on Server2003 has trust relationship with old domain Server ... permissions on each mailbox to the new domain user account. ... work is to give User B full mailbox access on Exchange mailbox. ...
    (microsoft.public.windows.server.sbs)
  • Re: Change computer name
    ... Should I log in as administrator of the computer or the domain server to ... I have tried both without success. ... account and one power user domain account. ... You need to log in as administrator to change the computer name. ...
    (microsoft.public.windowsxp.general)
  • RE: XP sp2 NT domain trust 2003 AD
    ... I gave the user back her NT workstaion and she hasnt been ... > domain server, does this guy get locked out too. ... What are your password and account lockout policies. ...
    (microsoft.public.windows.server.active_directory)
  • EFS Recover Agents Unable to decrypt files
    ... Default Domain administrator and additional domain administrator have ... Created a test file on a workstation by a test account with Domain User ... Recovery Agents I performed the process described in "Encrypting File System ...
    (microsoft.public.win2000.file_system)