Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

(Possible) Rogue Domain Admin: How to control / monitor access?

Posted on 2007-03-25
6
Medium Priority
?
353 Views
Last Modified: 2013-12-04
My company has a Windows 2000 domain with various member servers including a NAS running Appliance Server 2003.

By company policy there are two people that have Domain Administrator level access, myself and one other.  Based on some comments he's made recently I suspect that he's been digging into files on the NAS that shouldn't be seen by him.  I did explicitly deny him access on some shares, but as a domain admin he can simply reset the permissions.

My question is how to monitor his activities and how to prevent his access to sensitive files?


Thanks!
0
Comment
Question by:roberts0909
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 200 total points
ID: 18789825
take away domain admin priviliges. No matter what you do, he can break it with enough persistance
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 200 total points
ID: 18789834
Agreed.

Remove Domain Admin rights and Delegate the rights he needs.  This will only allow him to do whatever it is you've allowed.
0
 
LVL 6

Assisted Solution

by:e_vanheel
e_vanheel earned 400 total points
ID: 18789929
You could also turn on logging in the file system or login for the NAS.  This would you to setup auditing and monitor the log files.  

http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/13w2kadc.mspx

Look at the audit sections
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 70

Expert Comment

by:KCTS
ID: 18789961
Make sure that the nooo genuine administrators use the 'Adiminstrator' logon. Create individual accounts for all administrators and grant them the required rights. Rename the real 'Administrator' account and give it a long complex password. Write down the new administrator account name/password and store them in the safe or similar secure placed for use in an emergency.

Switch on Auditing either by amending. To audiit permission chnages you need to enable auditing for successful object access events, either by amedind the local machine policy or by using  a group policy. Either way, set the Audit object access policy under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy to record Success.

To enable auditing of particular folders, open each folder's properties dialog box, select the Security tab, click Advanced, and select the Auditing tab of the Advanced Security Settings window. You want to monitor only for a successful change an object's ACL. Add or ammend the Everyone group and in the  Audit Entry for the folder make sure that the 'Change permissions'  option is selected of the folder. By aditing 'Everyone' you will be able to track whenever anyone changes the permissions - enen if they subsequently chnage them back.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 1200 total points
ID: 18789975
Don't know what happend there - i'll try again:
Make sure that no genuine administrators use the 'Adiminstrator' logon. Create individual accounts for all administrators and grant them the required rights. Rename the real 'Administrator' account and give it a long complex password. Write down the new administrator account name/password and store them in the safe or similar secure placed for use in an emergency.Do not use it routinely.

Switch on Auditing. To audiit permission changes you need to enable auditing for successful object access events, either by ameding the local machine policy or by using  a group policy. Either way, set the Audit object access policy under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy to record Success for Object Access.

To enable auditing of particular folders, open each folder's properties dialog box, select the Security tab, click Advanced, and select the Auditing tab of the Advanced Security Settings window. You want to monitor only for a successful change an object's ACL. Add or ammend the Everyone group and in the  Audit Entry for the folder make sure that the 'Change permissions'  option is selected of the folder. By aditing 'Everyone' you will be able to track whenever anyone changes the permissions - even if they subsequently chnage them back.
0
 

Author Comment

by:roberts0909
ID: 18792663
Thanks all!
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question