Join or sign in Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below. Use Your Email Use FacebookUse Linkedin

Block confidential files in shared folders from admins

Locked

THE HR And Finance departments refused to place their documents in the shared folders on the designated File Server.

Reason is the admins able to view their files or take ownership regardless the security restriction imposed on the files.

Is there any secure way to protect the files and still allows backups?

I can only think of 3rd party solutions that encrypt the files.

Topic

Clarifications

In reply to Block confidential files in shared folders from admins

Clarifications

The problem I see here

In reply to Block confidential files in shared folders from admins

Is a trust issue within the workplace.

They will want their files placed elsewhere, but when they lose them, they’ll expect IT to be able to pull them from the air instantly.

Another thing is that I’m not sure on what types of files you are talking about here. If Finance have a financial system which they use (I can only hope they do!), then it would most likely be an oracle/SQL database which have to be backed up in a specific way.
As for other documents (say, M$ Office documents), permissinos should be able to be set exclusively, without affecting backups, but you haven’t told us how you back up your servers, so I cannot be sure.

Securing M$ Office documents

In reply to The problem I see here

It’s the M$ office documents that I’m worried.

For Windows, even if permission is set exclusive to them, the admins will be able to take ownership and view them.

We’re using Symantec BackupExec and will be shifting to Asigra.

Are the IT personel in-house?

In reply to Securing M$ Office documents

If so, then it shouldn’t matter who can take ownership of them.
At any rate, there would need to be a network account for your backup system that has access full domain access. The last thing they’d want is to not have their financial data backed up.
I suggest that the IT dept. will always want to have a way to get access to the files in case something happens and they need to be looked at.
Otherwise, the finance group could find an outsourced application to maintain their data. (eg:external payroll system)

Or maybe to get over this entirely

In reply to Are the IT personel in-house?

They could Outsource the Finance and HR Sections who lack the Trust to accept that the Network Admins have a job to do as well.

If the network Admins do not have access to all of the data it’s not safe in the event of something happening. What is more important the lack of trust in staff or the Data which could be completely lost in the event of a fire/flood/hurricane?

or perhaps lots of Company Paid Therapy for those staff with Trust Issues would be a good starting point. Maybe even terminating their employment because of their Physiological Problems and replacing them with stable people could be a way to go here. What many people fail to understand is that while a Admin may be able to look it doesn’t mean that they have the time to waste looking to begin with. Do the same people complain that the CEO/Owner can look whenever they like and demand ways to prevent this from happening? 😉

Col

[Author]

Replies