|
Posted by DaveG on October 19, 2005, 4:19 am
I would like to set up a network folder where I can save Minutes of
high-level meetings, and restrict access to senior Management, and
specifically exclude the IT Staff. No offence to you techies, but some
things are just not for your eyes!
Any suggestions very gratefully received. Thanks
|
|
Posted by S. Pidgorny on October 19, 2005, 4:52 am
You can apply ACLs - but the system administrator will be able to take over
the ownership and view. You can audit and alert on permission change for the
object - but the sysadmin can stop alerting.
Apply DRM attributes by using Windows Rights Management.
If this is not a good option, just use password-protected ZIP and don't give
the password to the admins.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
> I would like to set up a network folder where I can save Minutes of
> high-level meetings, and restrict access to senior Management, and
> specifically exclude the IT Staff. No offence to you techies, but some
> things are just not for your eyes!
>
> Any suggestions very gratefully received. Thanks
|
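Editor's added example, not part of any post in this thread: a PowerShell sketch of the ACL-plus-auditing approach described in the reply above. It restricts a folder to one group and adds an audit entry so that taking ownership or changing permissions is logged. The path and group name are hypothetical, and the audit entry only produces events when object-access auditing is enabled in the machine's audit policy.

```powershell
# Hypothetical values: replace with your own folder and security group.
$Path  = 'D:\Shares\BoardMinutes'
$Group = 'CORP\SeniorManagement'

# Run from an elevated session: reading and writing the audit list (SACL)
# requires the "Manage auditing and security log" user right.
$acl = Get-Acl -Path $Path -Audit

# Stop inheriting permissions from the parent folder and drop inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# Remove explicit entries already on the folder so only the rule below remains.
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}

# Apply rules to this folder, its subfolders and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

# Grant Modify to the management group only.
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group, 'Modify', $inherit, $prop, 'Allow')
$acl.AddAccessRule($allow)

# Audit every attempt, by anyone, to take ownership or change permissions.
# This does not prevent an administrator from doing so; it records the attempt.
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', 'TakeOwnership, ChangePermissions', $inherit, $prop, 'Success, Failure')
$acl.AddAuditRule($audit)

Set-Acl -Path $Path -AclObject $acl

# Read the result back: owner, access entries and audit entries.
Get-Acl -Path $Path -Audit | Format-List Owner, AccessToString, AuditToString
```

As the reply notes, an administrator can still take ownership and can stop the alerting, so this gives detection rather than prevention unless the audit events are forwarded to a system the same administrators do not control.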
|
Posted by Roger Abell [MVP] on October 19, 2005, 10:27 am
As Slav mentioned, the current response in the industry to this
type of need is Digital Rights Management systems. The inability
to address the need directly in the OS is not just a Microsoft OS
issue either. Consider, you do want that backed up I would have
to assume - which means something does need ability to read it,
etc.. Then, for each such system mgmt need one finds a way
around the privacy problem, but as one looks further at that way
around - like low level disk imaging for the backup issue - one
sees another way that the privacy can be breached.
The cheap solution is to have trusted administration that uses
minimum rights for their tasks.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
>I would like to set up a network folder where I can save Minutes of
> high-level meetings, and restrict access to senior Management, and
> specifically exclude the IT Staff. No offence to you techies, but some
> things are just not for your eyes!
>
> Any suggestions very gratefully received. Thanks
|
|
Posted by Steven L Umbach on October 21, 2005, 2:52 pm
One solution may be to use a stand alone [non domain] computer that is
physically secured where only you or others you trust 100 percent can access
it. Then you or those you trust 100 percent would be local administrators.
Then use that computer to create a share to save documents to. You would
have to create local user accounts that match the username/password that the
other management team would logon to their computer to access the share.
The username/password could be the same as their domain accounts. If a
domain administrator reset their user account passwords and tried to gain
access to the share they would be denied access. However if a domain
administrator could "crack" the user's password he could possibly gain
access. To minimize that risk use pass phrases of at least 15 characters in
length. Keep in mind that any user that gains physical access to a computer
can access the data totally undetected. If the data is extremely
confidential you would want to consider encrypting it on the stand alone
computer. You can use EFS in Windows XP Pro and Windows 2003 to share
encrypted EFS files. EFS has its own risks however and should not be used
until you know the risks and best practices.
-- Steve
>I would like to set up a network folder where I can save Minutes of
> high-level meetings, and restrict access to senior Management, and
> specifically exclude the IT Staff. No offence to you techies, but some
> things are just not for your eyes!
>
> Any suggestions very gratefully received. Thanks
|