[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 404
  • Last Modified:

setting up a secluded security group

Currently running MS server 2003.
I have a client requesting a security group be created with the following terms:

only a selected members will have access to folders shares and PC's
Exceptions will be none: including Domain Admins etc...

Adding and removing users to this group will be Only managed by themselves
once again no Domain admin etc will have the ability to add and remove user.

Is this possible? if so how to go about setting this up?

1 Solution
Joseph MoodyBlogger and wearer of all hats.Commented:
Sort of. Domain admins can seize ACL permissions still. To get started.

1. Create the group.
2. Right click on group and go to properties.
3. Go to  the security tab
4. Remove every group/user
5. Add in the security group in question and give them full control.
Chris DentPowerShell DeveloperCommented:
> Is this possible?


You can't secure things against Domain Admins using AD. Anything a Domain Admin can do, another Domain Admin can undo.

If they need it to be secure / private, consider Encryption (perhaps GPG). I can't help but doubt the suggestion will be well received, but there we go.

Glen KnightCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now