Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

removing domain admins from a folder

Posted on 2014-02-04
1
Medium Priority
?
342 Views
Last Modified: 2014-02-04
our security team need to secure some sensitive documents on a file share. the audit team have asked about the implications/practicality of even removing the local admins and domain admins group from the folders DACL. what issues/support risks does removing the admins from the folder cause, is it even possible?
0
Comment
Question by:pma111
1 Comment
 
LVL 14

Accepted Solution

by:
Alex Green earned 2000 total points
ID: 39832452
Hi there,

Yes it is possible, no you shouldn't do it, main reasons are the following

1. We can still take ownership of the folder, takes a bit of fiddling but it's quite easy

2. Backups could fail as the backup service account is normally a Domain Admin

3. We won't be able to fix issues if they arise without blowing apart the security structure

4. We can still modify our accounts with the active directory group associated with that folder.

5. Extra administration will be required.


The thing is, as an IT professional we should be trusted with all and any data that is held on the network. It's our responsibility to maintain the infrastructure and ensure that it's all running smoothly. I seriously doubt anyone will be interested in going into that folder to see what's in there.

I assume it's either HR or Finance that have requested this?

Cheers

Alex
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question