Restrict Administrator from Access Including Taking Ownership
Posted on 2006-12-01
I am the IT admin for a company. The owner of the company wants to completely restrict his user folder to only himself - not even the administrator account is to have access - he very serious about this. I made him the only user in the folder's ACL with full control permissions. Administrators are no longer able to open his folder or access permissions on the folder, but they are still able to take owenship of the folder. This leaves a security hole that he finds unacceptable, since there are a couple of admins at the company that have access to this account.
I tried adding the administrator account and administrators groups to his folder ACL with deny permissions for take ownership and change permissions, but I can still login as Administrator and take ownership of his folder and then view its contents. He is unwilling to have this be possible and wants a solution ASAP. Any help would be appreciated. Thank you in advance for your help.