Re: Co-Administrator
- From: "kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Dec 2007 11:13:24 -0700
tatat wrote:
Using the built in Encrypting File System (EFS) it's possible to
restrict access to the point that administrators cannot read the
files without the proper account password. Learning curve is a bit
steep. Practice on a workstation until you get the hang of it.
Leaks like a seive. All the admin (or anyone else) needs is one of the
encrypting certs or the recovery cert. Oh, and the admin is also the
Certificate Authority Manager, so exporting any cert issued by it is
trivial.
Not that it's not possible, just that using built in CA still has the Domain
Admin still in control (by default).
Best practices for the Encrypting File System:
http://support.microsoft.com/kb/223316
"Charles" <Charles@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:07ECA812-C39E-4A01-83B2-9A864524AB34@xxxxxxxxxxxxxxxx
Hi,
I would like to grant admin rights with a young colleague so that he
can help me with all the IT stuff. Problem: there are certain shared
folder containing sensitive info that he cannot access now -- and I
would like it to
stay that way. Is there a simple way to give him enough rights to do
the IT
admin work, while keeping him from given shared folders?
So far this is what has kept me from granting him admin rights, so
any help
appreciated;
Charles
--
/kj
.
- Follow-Ups:
- Re: Co-Administrator
- From: tatat
- Re: Co-Administrator
- References:
- Re: Co-Administrator
- From: tatat
- Re: Co-Administrator
- Prev by Date: Re: Prevent folder move and deletion?
- Next by Date: Re: SBS Fax
- Previous by thread: Re: Co-Administrator
- Next by thread: Re: Co-Administrator
- Index(es):
Relevant Pages
|
