Solved

removing domain admins from a folder

Posted on 2014-02-04
1
319 Views
Last Modified: 2014-02-04
our security team need to secure some sensitive documents on a file share. the audit team have asked about the implications/practicality of even removing the local admins and domain admins group from the folders DACL. what issues/support risks does removing the admins from the folder cause, is it even possible?
0
Comment
Question by:pma111
1 Comment
 
LVL 6

Accepted Solution

by:
alexgreen312 earned 500 total points
ID: 39832452
Hi there,

Yes it is possible, no you shouldn't do it, main reasons are the following

1. We can still take ownership of the folder, takes a bit of fiddling but it's quite easy

2. Backups could fail as the backup service account is normally a Domain Admin

3. We won't be able to fix issues if they arise without blowing apart the security structure

4. We can still modify our accounts with the active directory group associated with that folder.

5. Extra administration will be required.


The thing is, as an IT professional we should be trusted with all and any data that is held on the network. It's our responsibility to maintain the infrastructure and ensure that it's all running smoothly. I seriously doubt anyone will be interested in going into that folder to see what's in there.

I assume it's either HR or Finance that have requested this?

Cheers

Alex
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now