Can I hide my personal information from administrators of a domain?

[Roger Abell [MVP]]

If your machine is not in a domain then only local accounts
defined on the machine may be used to access what is stored
on the machine (unless you have enabled Guest access).

 

[Dmitriy Kopnichev]

Yes. I can use a domain account that is granted access to a domain resource
from a non-domain machine.

This depends. Usually one can use a domain account that
is granted access to a domain resource in order to access
that resource from a non-domain machine. However, the
resource can be configured so this is not possible.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA, MCSE W2k3+W2k+Nt4

Will I retain access to needed domain network folders if I click "Workgroup"
in "Computer name changes" window in "System
Properties" window?

on

a

domain

is

a
network exchange disk.
Can I hide my personal information from administrators of a

domain
in

which
my computer is?

Copy the information to disk, then delete it.

Or how to share a folder on my computer with other members
of the domain?

Description of File Sharing and Permissions in Windows XP [Q304040]
http://support.microsoft.com/?kbid=304040

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

 

[Dmitriy Kopnichev]

How to know what groups and account have any access to my computer? There's
no a domain account other than mine in "Users Accounts".

Look at the NTFS perrmissions to see aht groups/accounts
are granted access, and compare this to the accounts that
are members in those groups. In default, Domain Admins
are members of the local Administrators group, but they could
be added into other groups.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA, MCSE W2k3+W2k+Nt4

How to know if domain admin has access to the info?

on

a

domain

is

a
network exchange disk.
Can I hide my personal information from administrators of a

domain
in

which
my computer is?

Copy the information to disk, then delete it.

Or how to share a folder on my computer with other members
of the domain?

Description of File Sharing and Permissions in Windows XP [Q304040]
http://support.microsoft.com/?kbid=304040

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

 

[Dmitriy Kopnichev]

I enabled the Guest account. What do you mean it by Guest access?

 

[Roger Abell]

There are two policies, in the User Rights
Log on locally
and
Access this computer from the network

Any account not listed in these cannot access
your machine, except to extent that anonymous
null sessions are allowed. These can also be
restricted by use of policies in the Security
Options with local policy.

When you are in a domain, anything that you
set in local policy can be overridden from the
domain level.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA

How to know what groups and account have any access to my computer? There's
no a domain account other than mine in "Users Accounts".

Look at the NTFS perrmissions to see aht groups/accounts
are granted access, and compare this to the accounts that
are members in those groups. In default, Domain Admins
are members of the local Administrators group, but they could
be added into other groups.

information

on

a
removable disk is not convenient. The only thing I need in the

domain

is
a
network exchange disk.
Can I hide my personal information from administrators of a domain
in
which
my computer is?

Copy the information to disk, then delete it.

Or how to share a folder on my computer with other members
of the domain?

Description of File Sharing and Permissions in Windows XP [Q304040]
http://support.microsoft.com/?kbid=304040

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

 

[Roger Abell]

By Guest access Microsoft means allowing access to things
that are shared with Guest being granted permissions when
this is done by someone on the network that does not have
an account.
What I mean by Guest access is something rarely used (by
myself) and of little value. I usually cripple it as much as
I can.

 

[Dmitriy Kopnichev]

I don't use my domain account. I connect to a domain server from my local
account. The domain administrator says that I should be in our domain for
being able to open domain servers with my two IP address configuration. Is
this bluff? Can I restrict access to my computer for domain administrators?

There are two policies, in the User Rights
Log on locally
and
Access this computer from the network

Any account not listed in these cannot access
your machine, except to extent that anonymous
null sessions are allowed. These can also be
restricted by use of policies in the Security
Options with local policy.

When you are in a domain, anything that you
set in local policy can be overridden from the
domain level.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA

How to know what groups and account have any access to my computer? There's
no a domain account other than mine in "Users Accounts".

Look at the NTFS perrmissions to see aht groups/accounts
are granted access, and compare this to the accounts that
are members in those groups. In default, Domain Admins
are members of the local Administrators group, but they could
be added into other groups.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA, MCSE W2k3+W2k+Nt4
How to know if domain admin has access to the info?
If you have info stored on the local machine, and some
account (domain admin or any other) has access to the
info, it does not matter what account owns the info nor
whether that account is or is not logged in.
You can set permissions so that domain admins do not
have access to some files/folders. You can also make it
more difficult for domain admins to log into your machine
(locally or over the network) but if they really want to get
at something on your machine they can if the domain is
W2k or later.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
Can the domain administrators see my information even when I'm not
logged
on
to a domain account but to a local account? Keeping the

information

on
a
removable disk is not convenient. The only thing I need in the domain
is
a
network exchange disk.
Can I hide my personal information from administrators of a domain
in
which
my computer is?

Copy the information to disk, then delete it.

Or how to share a folder on my computer with other members
of the domain?

Description of File Sharing and Permissions in Windows XP [Q304040]
http://support.microsoft.com/?kbid=304040

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

 

[Dmitriy Kopnichev]

Hello
I disjoined our domain. But to retain access to domain servers I disabled
the LAN connection before disjoining. Disabling the LAN connection prevented
disabling my account in our domain. Now domain administrators don't have
access to my computer, but I have access to domain resources!

 

[Guest]

I'm glad you don't work for my company. If you did, you would be gone by now. Admins need access to ALL systems. That's what our employers pay us for. And to all the helpful folks that responded to you, shame on them...

 

[Dmitriy Kopnichev]

Our employers pay domain admins for the domain to work properly, not my
computer. I have been administering my computer for 4 years. The domain
admins work here for a year only.

I'm glad you don't work for my company. If you did, you would be gone by

now. Admins need access to ALL systems. That's what our employers pay us
for. And to all the helpful folks that responded to you, shame on them...

 

[Dmitriy Kopnichev]

An oil company can earn money without admins if oil specialists can
administer their computer by themselves, but can't with admins and without
oil specialists.

I'm glad you don't work for my company. If you did, you would be gone by

now. Admins need access to ALL systems. That's what our employers pay us
for. And to all the helpful folks that responded to you, shame on them...

 

[Jeremy]

I agree with the other person. If you worked where I do you would be gone
or written up quickly. The main thing lots of people forget and it seems
you have to, its not YOUR computer its the company's. If you have personal
information on it you might want to re-evaluate your job. Work is for
work, home is for personal. That's also why our admins runs SMS and
inventory every computer nightly looking for games, porn etc... If your
computer belongs to a domain there is no way to hide your information. A
domain admin could take ownership and reset any permissions. Only way you
could truly hide your information would be to remove your computer from the
domain and the network.

 

[Dmitriy Kopnichev]

I removed my computer from our domain but still have access to domain
resources. Why should I remove my computer from our network to truly hide my
information?

 

[JimBobTheCross]

In response to Roger ABell's rubbish

Roger, you are an arrogant and pointless man. Youre one of the reasons that M$ certified get the kind of reputation that they dont always deserve.

Your comment 'If it says the domain is unavailable, the domain IS unavaiable' is utter and total rubbish. If you dont know the issues, dont speak.

If any other poor soul has a similar problem, the following link *might* help.
http://www.chicagotech.net/wineventid.htm

And yes, Im an MS certified. MCSD to be precise. No, its not related to this problem, however Im not making a statement based on my own knowledge, but offering a solution that worked for me.

Roger, for the sake of others sanity.... SILENCE.

 

[Star Fleet Admiral Q]

Hard to decide who is/is not credible, especially since many can't even post
with the OP's original post included - how typical to only post your
"point-of-view".

--

Star Fleet Admiral Q @ your Service!

http://www.google.com
Google is your "Friend"