My company has a Windows 2000 domain with various member servers including a NAS running Appliance Server 2003.
By company policy there are two people that have Domain Administrator level access, myself and one other. Based on some comments he's made recently I suspect that he's been digging into files on the NAS that shouldn't be seen by him. I did explicitly deny him access on some shares, but as a domain admin he can simply reset the permissions.
My question is how to monitor his activities and how to prevent his access to sensitive files?