Solved

Securing HR users' home drives

Posted on 2016-08-10
5
Medium Priority
55 Views
Last Modified: 2016-08-19
Hello.

I'm trying to figure out a way to secure HR/management users' home drives. Currently we have the HR users' home drives on the file and print server along with the rest of the users. This is a security risk because any admin with access will be able to get in there and snoop around. I'm wondering how other companies secure the HR users' home drives on the network. Any input or suggestion will be greatly appreciated. Don't forget, we can't just take the server containing their home drives off of the network because backups have to occur as well.
0
Question by:Newguy 123
5 Comments
 
LVL 15

Accepted Solution

by:
Schnell Solutions earned 1500 total points
ID: 41751056
One important detail is that whoever administers the data needs to be a trusted person. If the current admin is not trusted for that, then in the HR area you will need to have someone administering specifically that data (the server or anything else that it could imply).

There is also something more... let's call it 'reactive': the audit system that is in place. Systems are supposed to track all the accesses and operations made with sensitive data.

Big organizations have their own IT guys inside the HR department; small companies trust the administrator, because that is the only way that the administrator can protect the data in all the layers.

One approach that you can use is something like 'partial' security, where HR can use protection at other security layers, such as file encryption, or keeping the information inside a DB that encrypts the information, where just RD have access to this interface... but again... it means that HR will be administering these layers, and not the administrator.
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 41751060
Your admins MUST be trusted or they shouldn't be your admins. PERIOD.

Any admin can gain access to the data at any time. PERIOD. They have to, to properly administer the server. You can block "casual" and "accidental" views by removing the domain admins group from the list of users who can access the folders, but admins can always take ownership of the files.

You can encrypt the files using EFS or other means, but be careful, as losing the encryption keys can permanently lose the data.
0
 
LVL 10

Expert Comment

by:Vince Glisson
ID: 41751070
It's all about permissions; you can give or take away access to any user and/or group.

If they're all in the same folder structure and you have admins you don't want to go poking around, then you can assign only certain admins that get access (you always need at least one). I usually set up a group, then add those I want to have access to the group, then apply it to the folder structure.
0
 
LVL 6

Expert Comment

by:Laroy Shtotland
ID: 41751192
Don't mess with your admins, but if you dare, learn how to use encryption first. Microsoft built-in BitLocker or EFS is easy and secure enough.
0
 
LVL 10

Expert Comment

by:Vince Glisson
ID: 41752074
If you're the one who decides which admins get access to what areas of your system, then you're not messing with them, you're delegating responsibility. Just because they are an admin doesn't mean they get unrestricted access to everything. It's irresponsible to do that. If they don't need access then you don't give it to them. If you set up EFS and you have a slow net you'll see a performance hit; if it's encrypted then it will need to be decrypted, so users who access a lot of files may notice some slowness.
0
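
Added example, not part of any post in this thread: a PowerShell report of which principals hold Allow entries on, or own, each home folder, to check the dedicated-group setup and the Domain Admins removal discussed above. The demo folder, the `HR-FileAdmins` group name and the convention that a folder is named after its user's account are assumptions.

```powershell
# Added example: list unexpected access to, and ownership of, HR home folders.
# Assumed (not from the thread): folder name == user account name, and the
# allowed-principal list passed in by the caller.
function Get-HomeFolderAclFinding {
    param(
        [Parameter(Mandatory)] [string]   $Root,
        [Parameter(Mandatory)] [string[]] $AllowedPrincipals
    )
    foreach ($folder in Get-ChildItem -LiteralPath $Root -Directory) {
        $acl      = Get-Acl -LiteralPath $folder.FullName
        $expected = @($AllowedPrincipals) + $folder.Name

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $who     = $ace.IdentityReference.Value
            $account = ($who -split '\\')[-1]   # DOMAIN\name -> name
            if ($expected -notcontains $account -and $expected -notcontains $who) {
                [pscustomobject]@{
                    Folder    = $folder.FullName
                    Finding   = 'UnexpectedAccess'
                    Principal = $who
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited   # inherited entries are fixed on the parent
                }
            }
        }

        # The owner can always rewrite the permissions, so report it as well.
        $ownerAccount = ($acl.Owner -split '\\')[-1]
        if ($expected -notcontains $ownerAccount -and $expected -notcontains $acl.Owner) {
            [pscustomobject]@{
                Folder    = $folder.FullName
                Finding   = 'UnexpectedOwner'
                Principal = $acl.Owner
                Rights    = $null
                Inherited = $null
            }
        }
    }
}

# Constructed demo tree under the temp directory; it inherits the temp folder's ACL.
$root = Join-Path ([IO.Path]::GetTempPath()) 'hr-home-demo'
New-Item -ItemType Directory -Force -Path (Join-Path $root 'jsmith') | Out-Null
Get-HomeFolderAclFinding -Root $root -AllowedPrincipals 'HR-FileAdmins', 'SYSTEM' |
    Format-Table -AutoSize
```

A clean report covers only the "casual" and "accidental" access case from the thread; it does not stop an administrator from taking ownership, which is what the auditing and encryption suggestions address.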
