Re: What is the best way to restrict access to Domain Admins on certain folders?
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 19 Mar 2008 09:42:52 -0400
Ravi <ravichandra.thalluri@xxxxxxxxx> wrote:
Some of the folders in our file system contain sensitive financial
data. The file server is managed by our IT department. How do I
restrict the people in Domain Admins group (some of them are from IT
Department) from accessing sensitive data? If I remove read
permissions to Domain Admins, backup jobs may fail.
EFS. But be very careful. Your domain admins/IT staff are the ones you need
to rely on to administer/manage/back up and restore your data. If you
encrypt something and they can't work on it/back it up, and you can't
unencrypt it, your data is lost. Hire only admins you can trust, and have
everyone sign computer use agreements, nondisclosure agreements, and so
forth..
Note for future This isn't really the best group for a question like this -
I'd post in microsoft.public.windows.server.active_directory with a possible
crosspost to microsoft.public.security.
.
- References:
- Prev by Date: What is the best way to restrict access to Domain Admins on certain folders?
- Next by Date: Re: question to svchost
- Previous by thread: What is the best way to restrict access to Domain Admins on certain folders?
- Next by thread: Re: What is the best way to restrict access to Domain Admins on ce
- Index(es):
Relevant Pages
|
