General discussion

Locked

Protect data on ntwrk srvr from Admins

By Sheesh Beesh ·
Hello,

One of our sites deals with very sensitive data, consisting of files and a SQL database. They want to be able to protect this data so ONLY certain users (which does not include the domain admin) can access it. What type of solution can be implemented on this network server to make protected data available to all users at this site, but protect it from access/forced entry from everyone else (including domain admins).

Your help is greatly appreciated.

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Protect data on ntwrk srvr from Admins

by timwalsh In reply to Protect data on ntwrk srv ...

As long as you are using ONLY permissions to control access, the bottom line is that the domain administrator has the ability to get at ANYTHING he chooses to access.

You can set permissions so that an administrator does not have access. However, if the administrator decides he wants access, all he has to do is take ownership of the files and change permissions to allow himself access.

Your only choice will be some sort of third-party file encryption solution and provide the decryptionkey to only those people who need access.

Being a network administrator, I will now put in a plug for all network administrators. By trying to find a solution to TOTALLY deny a network administrator access to certain data/files, you are tying his hands in his ability to solve problems when they occur.

The network administrator position is usually one of special trust, because he normally does have the "keys to the kingdom" as far as data residing on network servers. If the administrator is ethical and trustworthy, merely removing his permission to access files will prevent any inadvertent access. His ethics and honesty will prevent his getting curious to the point of peeking. If you have reason to distrust the network administrator, you shouldn't leave him in that position. My two cents worth!

Collapse -

Protect data on ntwrk srvr from Admins

by Sheesh Beesh In reply to Protect data on ntwrk srv ...

Thanks. Sorry I did not specify third Party Soultion. I need to find out how I can do this w/o ms.

Collapse -

Protect data on ntwrk srvr from Admins

by Sheesh Beesh In reply to Protect data on ntwrk srv ...

Just to Clarify, I am aware that this is impossible using just windows security and permissions. I need some sort of 3rd party solution... but what? Smart cards? I dunno.

Collapse -

Protect data on ntwrk srvr from Admins

by bcbvale In reply to Protect data on ntwrk srv ...

If you remove DOMAIN ADMINS from the ADMINISTRATORS group on the local machine they will not be able to access that machine.

You can also remove any other accounts, domain or otherwise, that you do not want to be able to log on and add the ones that you do want to allow access.

This does work as we use it for sensitive servers in our environment often.

ChrisV

Collapse -

Protect data on ntwrk srvr from Admins

by Sheesh Beesh In reply to Protect data on ntwrk srv ...

Thanks for your reply, I still need to manage the server, just certain data on it, I want to secure from everyone else but users at the site.

Collapse -

Protect data on ntwrk srvr from Admins

by Sheesh Beesh In reply to Protect data on ntwrk srv ...

This question was closed by the author

Back to Security Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums