Re: Domain Admins and Sharepoint

From: "Todd Klindt" <usenet@xxxxxxxxxx>
Date: Thu, 18 May 2006 11:21:07 -0500

SP2 for WSS includes a way to keep local admins out of the sites they don't
have explicit person to. The implementation is covered here,
http://support.microsoft.com/kb/892295/

tk
"Jtyc" <yo@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:e4S7NQoeGHA.2188@xxxxxxxxxxxxxxxxxxxxxxx

My company is comprised mostly of domain admins...I removed domain
admins from local administrator on the sharepoint server, however, none
of my security permissions on sharepoint have any effect whatsoever.
I've read a couple of posts, that say that domain admins should have
all rights, which I agree with also. But sharepoint sites may have
critical business information that an IT-based should not have direct
access to. Yes, they could mine into the database and do a bunch of
tricky stuff. Still I believe that on the surface level there should
still be a way to limit access. Does anyone have experience with this?
Any workarounds at all?

If your box is in the domain, you are never going to stop domain admins
from being to able to access your data in SharePoint.

Your company needs to re-evaluate it's security policies if you ask me.

Follow-Ups:
- Re: Domain Admins and Sharepoint
  - From: Jtyc

References:
- Domain Admins and Sharepoint
  - From: Daniel
- Re: Domain Admins and Sharepoint
  - From: Jtyc

Prev by Date: Re: Documents Storage Location
Next by Date: Re: Domain Admins and Sharepoint
Previous by thread: Re: Domain Admins and Sharepoint
Next by thread: Re: Domain Admins and Sharepoint
Index(es):
- Date
- Thread

Relevant Pages

Re: Enable non-admin users to access member servers or client PC
... the client machines they probably will require to be local admins (Not ... In order to modify server folder permissions the group needs to be ... groups like Domain Admins, Administrators, etc. ...
(microsoft.public.windows.server.active_directory)
Re: Administrator
... Well as far as the SQL DBA point I brought up, part of the reason for that is ... that there is no global SQL Admins domain group anyway but that wasn't done ... because of Sharepoint especially since SQL Server existed before Sharepoint ... > me a choice which I can choose to include domain admins as ...
(microsoft.public.sharepoint.portalserver)
Re: Domain Admin?
... If you want them to be local admins so they can perform maintenance than you should consider using restricted groups: ... Create the gpo in the ou where the Computers reside, go to computer configuration/windows settings/security settings/restricted groups, right click on restricted groups and select new group and key in the group you want auto populated. ... We have some users who are local admins on machines and for some reason they feel compelled to remove the domain admins from their local administrators group. ...
(microsoft.public.windows.server.active_directory)
Re: users removing Domain Admin from local admin group
... You can't set the machine up so local admins can't modify the local ... administrators group. ... If the corporate policy is that domain admins are to be listed in the ...
(microsoft.public.win2000.security)
Re: Reconnecting Sharepoint Services after installing Sharepoint Portal 2003
... > Hi Colin, ... > "you must be a member of the domain admins, schema admins, and enterprise ... >> Do you think I should consider removing MSDE Sharepoint and Sharepoint ... I'm therefore hopeful that if only we can ...
(microsoft.public.windows.server.sbs)