Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 343
  • Last Modified:

removing domain admins from a folder

our security team need to secure some sensitive documents on a file share. the audit team have asked about the implications/practicality of even removing the local admins and domain admins group from the folders DACL. what issues/support risks does removing the admins from the folder cause, is it even possible?
0
pma111
Asked:
pma111
1 Solution
 
Alex Green3rd Line Server SupportCommented:
Hi there,

Yes it is possible, no you shouldn't do it, main reasons are the following

1. We can still take ownership of the folder, takes a bit of fiddling but it's quite easy

2. Backups could fail as the backup service account is normally a Domain Admin

3. We won't be able to fix issues if they arise without blowing apart the security structure

4. We can still modify our accounts with the active directory group associated with that folder.

5. Extra administration will be required.


The thing is, as an IT professional we should be trusted with all and any data that is held on the network. It's our responsibility to maintain the infrastructure and ensure that it's all running smoothly. I seriously doubt anyone will be interested in going into that folder to see what's in there.

I assume it's either HR or Finance that have requested this?

Cheers

Alex
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now