locked
Preventing administrator access to folders RRS feed

  • Question

  • Is there a way to prevent network administrators from granting themselves access to certain folders (for example, the company owner's high level files) using folder permissions. What I would like is to be able to set up folders so that no access or changes are possible by anyone other than the folder owner without their password, and for the administrator to be unable to take ownership.

    I know one option is folder encryption, but the business owner prefers not to have to use another password once he is logged on to the network.

    Thanks in advance.
    Tuesday, December 8, 2009 7:23 PM

Answers

  • No -- or, at least Network Acess Protection (NAP) cannot help you with this.
    • Marked as answer by Mervyn Zhang Friday, December 11, 2009 8:26 AM
    Wednesday, December 9, 2009 8:30 AM
  • NAP wont help you with this.... moreover, the System Administrator will always be able to take ownership of any file / folder.

    EFS encryption will satisfy your requirements without being prompted for credentials. You will need to setup a PK infrastructure and issue EFS Certificates and an EFS Recovery Agent Certificate for disaster recovery.

    Have a look at this Technet Article on EFS Encryption

    Keep in mind that without EFS or another encryption method, any "Administrator" will be able to take ownership of any file. This is by design.


    • Proposed as answer by Tomer Alpert Friday, December 11, 2009 12:54 AM
    • Marked as answer by Mervyn Zhang Friday, December 11, 2009 8:26 AM
    Wednesday, December 9, 2009 11:54 PM

All replies

  • No -- or, at least Network Acess Protection (NAP) cannot help you with this.
    • Marked as answer by Mervyn Zhang Friday, December 11, 2009 8:26 AM
    Wednesday, December 9, 2009 8:30 AM
  • NAP wont help you with this.... moreover, the System Administrator will always be able to take ownership of any file / folder.

    EFS encryption will satisfy your requirements without being prompted for credentials. You will need to setup a PK infrastructure and issue EFS Certificates and an EFS Recovery Agent Certificate for disaster recovery.

    Have a look at this Technet Article on EFS Encryption

    Keep in mind that without EFS or another encryption method, any "Administrator" will be able to take ownership of any file. This is by design.


    • Proposed as answer by Tomer Alpert Friday, December 11, 2009 12:54 AM
    • Marked as answer by Mervyn Zhang Friday, December 11, 2009 8:26 AM
    Wednesday, December 9, 2009 11:54 PM