Restrict Access

From: "mwheat" <mwheat28@xxxxxxxxxxxxxxxxxx>
Date: Mon, 7 Aug 2006 18:15:16 -0500

Good afternoon. I'm hoping someone has a suggestion for how to proceed on
this as it doesn't quite fit any scenarios I've dealt with before.

Can we restrict management and access to servers in Active Directory from
upper level enterprise admins?

Scenario:
Company A is has multiple database servers that need to be protected due to
proprietary information. Company B has acquired company A and agreed that
all DB servers are off limits to company B. They are migrating all users and
objects from A into a new OU in company B's Active Directory. The concern is
trying to restrict upper level enterprise admins from having access or
changing permissions on those boxes. All users from company A will still
need access to the DB servers.

Sorry for the somewhat confusing scenario. We've noodled the possibility of
creating a separate network space and restricting access by ACLs and rules.
Alternatively we could remove these machines from the new domain and create
a new one with a non-transitive trust. Then lock it down with group
membership.
Both seem to have pros and cons.

Any assistance would be greatly appreciated.
MW

.

Follow-Ups:
- Re: Restrict Access
  - From: Anthony

Prev by Date: System stuck at rebuilding index
Next by Date: Re: System stuck at rebuilding index
Previous by thread: System stuck at rebuilding index
Next by thread: Re: Restrict Access
Index(es):
- Date
- Thread

Relevant Pages

Re: Controlling access to MSTSC.exe
... to get through the windows firewall. ... static configuration by using VLANS in conjunction with a VLAN Policy Server ... > programs where I will need the ability to restrict by ... >>> level policy (i.e. who can connect via remote desktop to the servers). ...
(microsoft.public.windowsxp.setup_deployment)
Re: Not able to connect
... The ntp.conf file I appended was installed by the Fedora Core 5 installation except for the NIST servers which were added by the system date/time s/w under Fedora Core 5. ... The port number on your system is arbitrary, and is usually chosen at random by your system each time the client program prepares to make a request for the time. ... How can I tell if ntpd is working and keeping the clock synched? ... You may wish to restrict the pool to your geographic area. ...
(comp.protocols.time.ntp)
Re: Restrict Access
... This means that you would need to use a completely separate unconnected ... Can we restrict management and access to servers in Active Directory ... The concern is trying to restrict upper level enterprise admins from ...
(microsoft.public.windows.server.active_directory)
Re: Restrict Access
... This means that you would need to use a completely separate unconnected ... Can we restrict management and access to servers in Active Directory ... The concern is trying to restrict upper level enterprise admins from ...
(microsoft.public.windows.server.active_directory)
Re: restrict access to Application Log
... I don't know of a direct way to do that like to the guests, ... Users also need access to file and print sharing on those servers to ... > I want to restrict access to the App and System logs in Event viewer on remote ...
(microsoft.public.win2000.security)