I have a network where we have two domain admins - one of them has full access to all files, while the other does not need to be able to see all documents. We do trust that other person, however, for legal reasons, we need some sort of "firmer differentiation". Right now domain admins doesn't have access to any of the secured folders - however, I know that as a domain admin they can easily just take over ownership of a whole folder & then have access to it. It may be months before I would even know that happens as I do not actively check that. That said, I am looking to see if there is any application that can be added a file server that notifies me when any ownership or permissions are changed? (preferally via email or some other traceable method). This would also help me in documenting changes to share permissions.
Along those same lines, are there any applications out there that can look at a single share (or better yet a full drive on a server) & then do a diagram of the permissions that are on each folder? I need to work on building a permissions map for my disaster recovery & it would be a lot easier than going through on each folder.
Thanks ahead of time for your help.