Re: Access denied
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 03/12/05
- Next message: BINZA_at_: "Switch to native mode?"
- Previous message: Dean: "Member server cannot "see" Active Directory"
- In reply to: Tony23: "Re: Access denied"
- Next in thread: ptwilliams: "Re: Access denied"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 12 Mar 2005 09:44:46 -0000
Yes, of course. Which is why I stated that the poster should enable
auditing so that he can see if an administrator modifies the ownership and
then permissions, etc.
A lot of this comes down to trust. If the boss doesn't want the
administrators seeing his files, set the permissions so they can't.
Granted, this won't actually stop an administrator from viewing these files
if he/ she wishes too, but it will stop somebody from casually opening them.
Auditing will enable a small audit trail that can pin point any
untrustworthy admins.
There's not much more you can do...
Offline files, local files, etc. don't get backed up. Plus, you can't trust
machines that are not covered by your corporate anti-virus policy. It would
probably be a breach of your corporate security practice to knowingly allow
unsecured laptops into the environment. Especially for possible secret
files. Files of this nature stay on the file servers.
If permissions aren't what you need, look to encryption...
-- Paul Williams http://www.msresource.net/ http://forums.msresource.net/
- Next message: BINZA_at_: "Switch to native mode?"
- Previous message: Dean: "Member server cannot "see" Active Directory"
- In reply to: Tony23: "Re: Access denied"
- Next in thread: ptwilliams: "Re: Access denied"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
