What is the best way to restrict access to Domain Admins on certainfolders?

's Computer Specifications

Some of the folders in our file system contain sensitive financial
data. The file server is managed by our IT department. How do I
restrict the people in Domain Admins group (some of them are from IT
Department) from accessing sensitive data? If I remove read
permissions to Domain Admins, backup jobs may fail.

's Computer Specifications

Ravi <(E-Mail Removed)> wrote:
> Some of the folders in our file system contain sensitive financial
> data. The file server is managed by our IT department. How do I
> restrict the people in Domain Admins group (some of them are from IT
> Department) from accessing sensitive data? If I remove read
> permissions to Domain Admins, backup jobs may fail.

EFS. But be very careful. Your domain admins/IT staff are the ones you need
to rely on to administer/manage/back up and restore your data. If you
encrypt something and they can't work on it/back it up, and you can't
unencrypt it, your data is lost. Hire only admins you can trust, and have
everyone sign computer use agreements, nondisclosure agreements, and so
forth..

Note for future This isn't really the best group for a question like this -
I'd post in microsoft.public.windows.server.active_directory with a possible
crosspost to microsoft.public.security.

's Computer Specifications

"Lanwench [MVP - Exchange]" wrote:

>
> EFS. But be very careful. Your domain admins/IT staff are the ones you need
> to rely on to administer/manage/back up and restore your data. If you
> encrypt something and they can't work on it/back it up, and you can't
> unencrypt it, your data is lost.

Very true.

Besides, IT staff are Gods <eyes glow> and you would do well to kneel before
us.

's Computer Specifications

Anteaus <(E-Mail Removed)> wrote:
> "Lanwench [MVP - Exchange]" wrote:
>
>>
>> EFS. But be very careful. Your domain admins/IT staff are the ones
>> you need to rely on to administer/manage/back up and restore your
>> data. If you encrypt something and they can't work on it/back it up,
>> and you can't unencrypt it, your data is lost.
>
> Very true.
>
> Besides, IT staff are Gods <eyes glow> and you would do well to kneel
> before us.

We especially like offerings of glazed raspberry-jelly doughnuts.

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Restrict Domain admins for Remote Desktop	CBO	Windows XP General	2	7th Apr 2008 09:05 PM
Remove domain admins from local admins group on specific servers	=?Utf-8?B?UkE=?=	Microsoft Windows 2000 Active Directory	6	21st Oct 2005 07:28 PM
I am a member of domain admins, but I have been denied access to a certain OU.	Shane M Ryan	Microsoft Windows 2000 Active Directory	1	28th Oct 2004 07:54 AM
'Restrict' International/Site Domain Admins	Rubin Farr	Microsoft Windows 2000 Active Directory	2	4th Nov 2003 03:12 AM
Enterprise Admins and Domain Admins Group	Hutch	Microsoft Windows 2000 Active Directory	1	22nd Oct 2003 04:06 PM