• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 275
  • Last Modified:

Lock a directory from Administrator Access

I'm the owner of a business. I have a Network Administrator that I would like to give access to our file server to perform standard network admin activities on (patches, app installs, backups, etc.), however there are certain files I would not like him to access on that server (HR, Payroll, personal, etc.).

Is  there a permissions setting or something I can give him that lets him do network admin stuff on the server but prevents him from having access to sensitive data?

Or would I need some kind of third party app to lock those directories?

Thanks.
0
CANLLC
Asked:
CANLLC
  • 2
  • 2
  • 2
  • +3
2 Solutions
 
Glen KnightCommented:
You can lock them down by simply specifying the deny permission for te user account he logs in as.  By right clicking on the folder itself and select
properties then security.

Add the user in then specify the full access deny permission.

However as a techie myself I would say that at some stage you need to trust your IT staff and their professionalism.  They have a job to do, ensuring ALL your data is backed up if you deny them access to the data they cannot back it up.  If you use a service account for your backups then this account will have access to your data and what's stopping the admin logging in sing this account?

Trust is key in IT administration!!
0
 
CANLLCAuthor Commented:
Thanks for the input. I do plan on giving them full access at a later date, however would like to get to know the person a bit first before I open up all the company secrets to them.

But back to your suggestion. Can't they simply log into the server and remove the deny permission and then continue on into the folder?
0
 
Glen KnightCommented:
Only if thy login using the Administrator account.  But if they really want to circumvent it they will be able to.

I am afraid there is no way to completely prevent an Administrator from access there is always wats around it.

What I would suggest if you don't already have one is some sort if network use policy that your employers sign.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
Dave HoweCommented:
you could try using EFS - that's pretty effective, even against those with admin privileges.
0
 
senadCommented:
You can use a third party software
http://www.newsoftwares.net/folder-protect/
So only people who know the password can access it.
0
 
Dave HoweCommented:
There are good third-party solutions - folder-protect isn't one of them though; it is trivially bypassed by even a half-hearted admin - like most such things, it asssumes attackers won't have admin privileges or even be able to reboot using a linux live cd.

For a good third party solution you can use something like truecrypt - at its most paranoid, that uses all three AES finalists (including the winner) in turn for transparent encryption - but again, you are re-inventing the wheel. All copies of windows past Win2000 come with EFS, and that is proof against anyone not knowing an authorized user's password. There is a recovery agent system, but that doesn't have to be the Admin, nor does the Admin even need to know WHO it is... however, though domain policy an Admin can modify that (so you would need to perform occasional checks to make sure the recovery certificate hasn't changed)
0
 
AwinishCommented:
Universal shield is the third part tool,you can use to lock the access using password & even admin can't access until they have password which is used to lock.
 
0
 
Donald StewartNetwork AdministratorCommented:
You should use something like....
 
Protect Your Data With Encryption
0
 
senadCommented:
there are actually many tools...I just pointed to one of them....
Don't use them so cant tell you exactly what and how...
To find one that suits your needs just google ' lock folder' and
find what you need.
I personally avoid using these stuff ever since I had a bad experience long time ago with
a similar program (can't remember the name now).
But to do what you want I think you will have to use one of these tools.
Just please,be very careful when using the stuff not to loose a password or something similar...

0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now