Administrator Access

G

Guest

I have a very paranoid boss at a W2K Server site who wants to stop anyone, including the administrator, from accessing his files on the file server. I realise this is not desirable for any number of reasons but is it even possible ?

You can certainly set the sharing and security permissions to keep the administrator out but then he only has to sit down at the server and take ownership again.

Any thoughts appreciated.

Steve Boland CCNA
 
A

Alan Wood [MSFT]

Hi....
What is the ROLE of the server. It doesn't make since that no one should
be able to Access Files on a File Server?

You can't keep the Admin from gaining access to the files. That is why he
is the admin. Please give more explanation of what your customer needs,
what the server does. That way we may be able to come to possible
resolution through other means.

Thank you,

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Hi Alan,

Thanks for your interest. We are talking about the company file server but the boss wants his own folder to be completely secure. That is, no access by anyone except himself, including administrator.

Steve
 
G

Guest

Steve -

If you set the permissions on a specific directory for a
specific user, The administrator can still take ownership
of the directory if needed. However, from a technical
stand point of view, I would not allow this under any
circumstances for multiple purposes.
-----Original Message-----
I have a very paranoid boss at a W2K Server site who
Click to expand...
wants to stop anyone, including the administrator, from
accessing his files on the file server. I realise this is
not desirable for any number of reasons but is it even
possible ?
You can certainly set the sharing and security
Click to expand...
permissions to keep the administrator out but then he
only has to sit down at the server and take ownership
again.
 
D

Doug Sherman [MVP]

Encryption - export the recovery agent's key and give the floppy to the
paranoid boss?

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

Steve Boland said:
I have a very paranoid boss at a W2K Server site who wants to stop anyone,
Click to expand...
including the administrator, from accessing his files on the file server. I
realise this is not desirable for any number of reasons but is it even
possible ?
You can certainly set the sharing and security permissions to keep the
Click to expand...
administrator out but then he only has to sit down at the server and take
ownership again.
 
A

Alan Wood [MSFT]

You are correct.

There is not going to be a solution for you customer besides having him
keep his files on his local system.
The problem here seems to be trust issue. If he is the boss, then he
should be able to tell the admin not to look at those files. Trust is a
major part of hiring admins.

Some suggestions would be to make sure all Admins log in using there name,
have the Boss being the only one who actually knows the domain admin
password, then have auditing setup on his share. He could then review the
Security logs to make sure the other admins are not accessing the share.
It would also log the admin who deleted the Security Logs if they looked
at, then deleted the logs.

Thank you,

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Administrator Access 4
Can't access resources on W2K server from VPN 4
Cannot access directory even as administrator. 2
everyone group has deny permissions 2
Connecting to Printers 1
everyone group has deny permissions set 1
everyone group has deny permissions 1
Looking for reasons not to rename administrator password 2

Top