Re: What is the best way to restrict access to Domain Admins oncertain folders?
On Mar 19, 10:06 pm, "Dobromir Todorov" <dtodo...@msn.com> wrote:
> ACLs won't help to *really* restrict access - Domain Admins can typically
> take ownership and change permissions directly or indirectly.
>
> EFS with DRA's that *are not* the Domain Admins but trusted individuals is
> the best option off the top of my head. If the DRA and user key pairs and
> and associated certificates are properly protected (stored on Smart Cards),
> this is pretty much the best it can get without third party components.
>
> Regards,
> Dob
>
> --
> ---
> HTH,
> Dobromir
>
> Learn more about Security and Identity Management:
> Visithttp://www.iamechanics.com
>
> "Ravi" <ravichandra.thall...@gmail.com> wrote in message
>
> news:bcb0ff16-dced-4ad3-89d0-b866e81b552e@e23g2000prf.googlegroups.com...
>
>
>
> > Some of the folders in our file system contain sensitive financial
> > data. The file server is managed by our IT department. How do I
> > restrict the people in Domain Admins group (some of them are from IT
> > Department) from accessing sensitive data? If I remove read
> > permissions to Domain Admins, backup jobs may fail- Hide quoted text -
>
> - Show quoted text -
Thank you. Looks like this will be the best solution for our scenario.