Re: Administrator



Domain Admins OR DBAs can do a lot of "OTHER" things, so I agree with Gary and
it's better you trust these people. :-)

Thanks

"KnightFall1" wrote:

> Just a quick question, but why do you consider your Domain Admins being in
> the Local Administrators group a security risk? As an FYI this is the default
> behavior when the OS is installed as well. I do agree with Gary because if
> you happen to do something to lock yourself out of SharePoint, having the
> Domain Admins available might be the only thing that saves you.
>
> If your concern is their ability to modify content indiscriminately, you may
> want to draft a formal policy on usage to address this and get management
> signoff. The other reason you want them to have this access is that
> Domain Admins also perform other administrative functions aside
> from SharePoint (OS patches, backups, software installs, etc.) where an
> elevated level of administrative privileges is required.
>
> The other example of this is the database. I'm assuming you are not the DBA
> of the SharePoint database as well. Otherwise you could make the same
> argument that the DBA has too much access to the SharePoint databases, which
> in fact hold all the data. But a DBA is going to have more specific
> knowledge/experience in managing databases than the application
> administrator. So you wouldn't want to prevent the DBA from accessing the
> SharePoint databases, right?
>
> "JMark" wrote:
>
> > Thanks. In our company, domain admin group has to be added
> > to the local administrator group for each server. So
> > basically these guys are all admins of my SPPS - this is a
> > security issue.
> >
> > How can we solve this?
> >
> >
> >
> > >-----Original Message-----
> > >No. This is a security feature so that there is always a way to manage
> > >security just in case someone screws up and deletes all admin rights on a
> > >site or area.
> > >
> > >--
> > >Gary A. Bushey
> > >SPS MVP
> > >bushey@xxxxxxxxxxxxxx
> > >"JMark" <anonymous@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >news:0b1f01c53a08$419c0320$a501280a@xxxxxxxxxx
> > >> Hi,
> > >>
> > >> Members of the administrators group for the local SPP
> > >> server computer are allowed to perform administrative
> > >> functions for SPPS.
> > >>
> > >> In our SPP server, 3 users from the domain admin group are
> > >> the local administrator of this server. Is there any way
> > >> that I can remove their "admin" rights from the SPPS
> > >> without removing them from the local administrator group
> > >> of the server?
> > >>
> > >> Please help.