R
Russell White
Greetings.
"Is it possible to make it impossible for a domain admin to take ownership
of a folder and it's contents?"
this question can also be phrased as...
"is it possible to make something accessible only to one user and no one
else (including domain admin) can either change permissions, take ownership,
etc."? It seems to me this is not possible - that domain admin can always
take ownership of these files.
The powers that be want one directory on our win2ksbs server to be
accessible only by a user, "fred". The domain admin should not have access
to this file nor should he be able to change permissions nor should he be
able to take ownership (thus allowing him to change permissions).
So it would appear to me that it is impossible (and for good reason I would
think) to make it impossible for domain admin to access a certain directory
because he could always take ownership of this directory and then change
permissions and then access the file.
Is this true? Is it possible to make it impossible for a domain admin to
take ownership of a folder and it's contents?
Thanks in advance,
Russ White
"Is it possible to make it impossible for a domain admin to take ownership
of a folder and it's contents?"
this question can also be phrased as...
"is it possible to make something accessible only to one user and no one
else (including domain admin) can either change permissions, take ownership,
etc."? It seems to me this is not possible - that domain admin can always
take ownership of these files.
The powers that be want one directory on our win2ksbs server to be
accessible only by a user, "fred". The domain admin should not have access
to this file nor should he be able to change permissions nor should he be
able to take ownership (thus allowing him to change permissions).
So it would appear to me that it is impossible (and for good reason I would
think) to make it impossible for domain admin to access a certain directory
because he could always take ownership of this directory and then change
permissions and then access the file.
Is this true? Is it possible to make it impossible for a domain admin to
take ownership of a folder and it's contents?
Thanks in advance,
Russ White