Re: Domain Admins restriction

From: tshad (tscheiderich_at_ftsolutions.com)
Date: 10/18/04 

Date: Mon, 18 Oct 2004 13:16:29 -0700

"Oli Restorick [MVP]" <oli@mvps.org> wrote in message
news:u0txHOwsEHA.376@TK2MSFTNGP09.phx.gbl...
> There is no such thing as a restricted domain administrator. Absolutely
> anything you put in his way, he can undo.
>
> As far as file permissions are concerned, a deny overrides everything, no
> matter who you are. However, there's nothing to stop him giving himself
> access to the files again because he's an administrator of the machine the
> files are on.
>
> Have you thought about using the Rights Management facilities of Office
> 2003? This will encrypt the files and is about as close as you'll get to
> doing what you want.
>
> I would also argue with you assertion that you have people who need to be
> domain admins. Use the delegation of control wizard to delegate certain
> tasks.

We have one person (the owner of the company) who has complete access. We
also need a couple of people who administer the domain that also need access
to all but a couple of folder that contain sensitive information. A problem
is that the owner is away a bit and if he is gone and we need to get access,
we need to be able to.

Where is the "delegation of control wizard"?

Thanks,

Tom.

>
> Regards
>
> Oli
>
>
> "tshad" <tscheiderich@ftsolutions.com> wrote in message
> news:OSUkFQvsEHA.624@TK2MSFTNGP09.phx.gbl...
>> We have a couple of people that need to be Domain Admins. This works
>> fine.
>>
>> My problem is that I want 1 person to be a Domain Admin, but there are a
>> few user files I want to restrict him from.
>>
>> I tried Domain Admin to the folders (which he is part of) and then adding
>> his name to these folder and restricting access, but it doesn't work.
>> Apparently Domain Admin takes precedence.
>>
>> Is there a way to do this?
>>
>> Thanks,
>>
>> Tom.
>>
>
>

Relevant Pages

  • Re: Lockdown
    ... There are a couple things you can do assuming users do not have administrator rights. ... member] deny ntfs permissions or not having any allow permissions to a application ... folder or file you can prevent the user from running that application or saving to a ... To restrict users to a certain website, you need to have your firewall ...
    (microsoft.public.win2000.security)
  • Re: Restrict Domain admins for Remote Desktop
    ... restrict users in same groups then either set up another security group, ... Administrators from using Remote Desktop onto my computer. ... want to restrict a domain admin and an administrator without ... restricting myself as I am also a domain admin and administrator. ...
    (microsoft.public.windowsxp.general)
  • Restrict Domain admins for Remote Desktop
    ... Administrators from using Remote Desktop onto my computer. ... want to restrict a domain admin and an administrator without ... restricting myself as I am also a domain admin and administrator. ...
    (microsoft.public.windowsxp.general)
  • Re: Restrict Domain admins for Remote Desktop
    ... Administrators from using Remote Desktop onto my computer. ... want to restrict a domain admin and an administrator without ... restricting myself as I am also a domain admin and administrator. ...
    (microsoft.public.windowsxp.general)
  • Re: Applications/programs that require admin rights
    ... Updates to Restricted Groups ("Member of") behavior of user-defined local ... Systems Administrator ... you need to be Domain Admin to install software on a ... or use the runas command to install the app on ...
    (microsoft.public.windows.server.active_directory)
Quantcast