Solved

removing domain admins from a folder

Posted on 2014-02-04
1
321 Views
Last Modified: 2014-02-04
our security team need to secure some sensitive documents on a file share. the audit team have asked about the implications/practicality of even removing the local admins and domain admins group from the folders DACL. what issues/support risks does removing the admins from the folder cause, is it even possible?
0
Comment
Question by:pma111
1 Comment
 
LVL 9

Accepted Solution

by:
Alex Green earned 500 total points
ID: 39832452
Hi there,

Yes it is possible, no you shouldn't do it, main reasons are the following

1. We can still take ownership of the folder, takes a bit of fiddling but it's quite easy

2. Backups could fail as the backup service account is normally a Domain Admin

3. We won't be able to fix issues if they arise without blowing apart the security structure

4. We can still modify our accounts with the active directory group associated with that folder.

5. Extra administration will be required.


The thing is, as an IT professional we should be trusted with all and any data that is held on the network. It's our responsibility to maintain the infrastructure and ensure that it's all running smoothly. I seriously doubt anyone will be interested in going into that folder to see what's in there.

I assume it's either HR or Finance that have requested this?

Cheers

Alex
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question