Administrator Access

S

Steve Boland

I have a very paranoid boss at a W2K Server site who wants
to stop anyone, including the administrator, from
accessing his files on the file server. I realise this is
not desirable for any number of reasons but is it even
possible ?

You can certainly set the sharing and security permissions
to keep the administrator out but then he only has to sit
down at the server and take ownership again.

Any thoughts appreciated.

Steve Boland CCNA
 
S

Steven L Umbach

The only possible way is encryption of the files and even then it would need
to be a computer in his possession that can remain physically secured at
least until he exports/deletes the private keys. W2K offers EFS encryption,
but requires a recovery agent also which by default is the local
administrator on a non domain machine and the original administrator account
on the first domain controller of a domain. The problem with EFS is that as
long as the EFS user and recovery agent private keys used for decryption
remain on the computer, then it is possible for someone with physical access
to access those files by using the recovery agent if they are a legitimate
administrator or by a malicious person cracking or resetting the
administrator password or logging on as the user if they have a weak
password. Even if file are EFS encrypted on a server share they may be
sniffed off the wire becaue there is no encryption on the network unless
ipsec or vpn is used. --- Steve


http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
 
G

Guest

Steve,
The only option I can see here is that the files that he
doesn't want shared should be stored on his local machine.
This doesn't do much for you backup stratagy, but he will
feel better. He should know the responsibility of an
administrator.
 
P

PT Wang

Steve Boland said:
I have a very paranoid boss at a W2K Server site who wants
to stop anyone, including the administrator, from
accessing his files on the file server. I realise this is
not desirable for any number of reasons but is it even
possible ?
Click to expand...

Store his files locally (e.g. flash disk). When he wants them backed up to
the server, use archiver with encryption such as RAR.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Administrator Access 5
Folder Security Problems 1
Unable to take ownership of directory 2
Shared folder will be add deny administrators permission 2
How do I recover encrypted files 1
User can't access the server 1
system from domain is making many attempts to access the administr 1
Share admin 1

Top