Re: Access denied
From: Doug Frisk (PublicNews_at_removeme.fazwak.com)
Date: 03/08/05
- Next message: ucan: "Re: Group Policy Deploy XP SP2"
- Previous message: Simon Geary: "Re: AD Replication"
- In reply to: best_at_news.postalias: "Access denied"
- Next in thread: Frances [MSFT]: "Re: Access denied"
- Reply: Frances [MSFT]: "Re: Access denied"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 8 Mar 2005 15:18:01 -0600
<best@news.postalias> wrote in message
news:590901c52418$bab29d10$a601280a@phx.gbl...
> Hi All,
>
> How could a specific folder be configured with access
> denied even to administrators, except for the boss as the
> folder contains some confidential information ?
>
> Many thanks.
You cannot configure permissions to do this. Anyone who has administrator
level access to a machine can shoehorn into any file.
You *can* use EFS in this case. You would need to configure the encryption
recovery agent for those particular files to be a certificate that the
admins do not have access to. (They need to be stored on a floppy, CD or
USB pendrive or some other such thing.) If the certificates required to
decrypt the files are not available to the admins, they can see the files,
could even delete them, but not access them.
Now, the files can be on the network, the admins cannot decrypt them to view
them. This meets what I think you're trying to do, but be waned, if the
boss loses the exported certificates required to decrypt the files, you're
well and truly screwed.
- Next message: ucan: "Re: Group Policy Deploy XP SP2"
- Previous message: Simon Geary: "Re: AD Replication"
- In reply to: best_at_news.postalias: "Access denied"
- Next in thread: Frances [MSFT]: "Re: Access denied"
- Reply: Frances [MSFT]: "Re: Access denied"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
