Re: How can I get access to files and folders on my portable drive on other computers?

From: Dmitry Kopnichev (kopn_at_hotbox.ruDELETE)
Date: 07/15/05 

Date: Fri, 15 Jul 2005 12:50:54 +0400

Our domain is needed for our women usually and Windows XP illiterate workers
who can not administer their Windows XP themselves.
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:OoyufVRiFHA.1968@TK2MSFTNGP14.phx.gbl...
> "Dmitry Kopnichev" <kopn@hotbox.ruDELETE> wrote in message
> news:OPYPs6QiFHA.2444@tk2msftngp13.phx.gbl...
>> Not giving access to sensitive data to the domain administrator is more
>> effective.
>
> While that may be so, the best, in fact only, way to do that
> is to have no domain.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
>
>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>> news:%23VsCEjIiFHA.3544@TK2MSFTNGP15.phx.gbl...
>> > "Dmitry Kopnichev" <kopn@hotbox.ruDELETE> wrote in message
>> > news:ON8mxuEiFHA.320@TK2MSFTNGP09.phx.gbl...
>> >> "Admins having full access to everything by default" is the cause of
> CDs
>> >> with sensitive information appearing on a black market. Some Admins
> steal
>> >> personal information about customers, especially, users of mobile
>> >> networks, owners of properties, money orders logs, bank transactions
>> >> logs, etceteras, before changing work. These information is invaluable
>> >> for criminals, thieves, robbers, killers for searching for their
> victim.
>> >> Admins do not lose much if a company loses its sensitive information.
>> >> They can always find another work, but owners lose money and top
> managers
>> >> work and their credit.
>> >
>> > You have several options. Most of the computer related ones have
>> > already
>> > been explained to you. If none of those work for you, you will have to
> do
>> > some more research. Personally I believe you need to rethink you
> company's
>> > hierarchy. If your data is that sensitive you need to do one of two
>> > things. Hire someone you trust to manage your network. Train an
>> > existing
>> > empoyee you trust to manage your network. If it is so lucrative to
>> > steal
>> > your data then you can afford to pay someone enough that they won't
> steal
>> > your data. Most organizations and governments have policies to deal
>> > with
>> > this issue. In the end what it comes down to is trust. It sounds like
> you
>> > don't have any. You could physically search your admin as he leaves the
>> > building.
>> >
>> > Kerry
>> >
>> >
>> >> "Leythos" <void@nowhere.lan> wrote in message
>> >> news:MPG.1d3f031b7b4482ce9899da@news-server.columbus.rr.com...
>> >>> In article <OC#sKZ7hFHA.2916@TK2MSFTNGP14.phx.gbl>,
> kopn@hotbox.ruDELETE
>> >>> says...
>> >>>> Only General manager is supposed to see all the information. But he
>> >>>> will not
>> >>>> administrate the network himself of course. General manager has even
> a
>> >>>> second computer separate from the Admins network to keep information
>> >>>> securely. Our Admin is two times younger than most of our
>> >>>> specialists
>> >>>> and
>> >>>> has only computer education and is not devoted to our business as
>> >>>> the
>> >>>> General manager is. A company can never take just a computer
> specialist
>> >>>> into
>> >>>> it's confidence, can never entrust all its commercial information to
>> >>>> him.
>> >>>
>> >>> You are COMPLETELY WRONG. A good network admin will be vested in the
>> >>> company with all their heart and desire. They will always look to
>> >>> protect the network and it's data. They have full access to
>> >>> everything
>> >>> by default and can take ownership of anything they want. If you don't
>> >>> trust the Admin then you are in a bad spot, as the Admin can do many
>> >>> things without you even finding out about it.
>> >>>
>> >>> Now, to protect you against an rogue Admin, you need a second Admin
> that
>> >>> is used to check the other admin - in fact, both check each other for
>> >>> doing things that should not be done. Both Admins have full access to
>> >>> all resources, it's the nature of the networks.
>> >>>
>> >>> If you don't want an Admin to have access, then setup another
>> >>> network,
>> >>> managed by someone you trust at the moment, and don't give the Admin
> any
>> >>> access to it.
>> >>>
>> >>> In every company I've worked for or designed the network for, the
> Admin
>> >>> group (sometimes 1 person, but normally more than 1) has full access
> to
>> >>> all resources, even if they don't use them.
>> >>>
>> >>> If the Admin can't reach all resources, then they can't properly do
>> >>> their job - which is Network security, Resource Protection, support
>> >>> of
>> >>> users, disaster recovery planning and testing, and monitoring for
>> >>> unapproved activity (yea, there are more).
>> >>>
>> >>>
>> >>> --
>> >>> --
>> >>> spam999free@rrohio.com
>> >>> remove 999 in order to email me
>> >>
>> >
>> >
>>
>
>

Relevant Pages
Loading