setting up a secluded security group

Currently running MS server 2003.
I have a client requesting a security group be created with the following terms:

only a selected members will have access to folders shares and PC's
Exceptions will be none: including Domain Admins etc...

Adding and removing users to this group will be Only managed by themselves
once again no Domain admin etc will have the ability to add and remove user.

Is this possible? if so how to go about setting this up?

JustsolutionsAsked:
Who is Participating?
 
Chris DentPowerShell DeveloperCommented:
> Is this possible?

No.

You can't secure things against Domain Admins using AD. Anything a Domain Admin can do, another Domain Admin can undo.

If they need it to be secure / private, consider Encryption (perhaps GPG). I can't help but doubt the suggestion will be well received, but there we go.

Chris
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Sort of. Domain admins can seize ACL permissions still. To get started.

1. Create the group.
2. Right click on group and go to properties.
3. Go to  the security tab
4. Remove every group/user
5. Add in the security group in question and give them full control.
0
 
Glen KnightCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.