Solved

Is it possible to prevent a system administrators from accessing certain folders on a network share ?

Posted on 2016-09-04
7
34 Views
Last Modified: 2016-10-22
Our CFO / owner doesn't want our systems administrators to have the same access to all the data that the CFO has.  How would you prevent an administrator to access folders on a server that they manage ?
0
Comment
Question by:SAGE Dining
7 Comments
 
LVL 16

Assisted Solution

by:Carol Chisholm
Carol Chisholm earned 100 total points
ID: 41784237
Rights Management. Then the CFO can be informed each time you even try to access them.
Azure RMS or Windows RMS.
0
 
LVL 18

Assisted Solution

by:Mal Osborne
Mal Osborne earned 200 total points
ID: 41784245
That can kinda sorta be done in a variety of ways, simplest is to just edit file permissions.

In every site I have looked after, doing this causes problems; usually the same person who wanted the IT department to not have access requests an antivirus check, changes to permissions or restoring backups within a few months. You will need to impress upon the owner that this data becomes THIER problem, not ITs.
0
 
LVL 11

Accepted Solution

by:
andreas earned 100 total points
ID: 41784256
Use encryption, this way admin can have physical access to the files, e.g. for backup and restore, but admins cannot read the content of the files as they don't have the keys.

But the decryption Keys are only in the hands of the users who need access.

File permissions, and file access auditing can be removed by the admins. The encryption cannot be cracked if the keys are stored safly (e.g. use smartcards).

Drawback, if the decryption Keys get lost or damaged, there is no way to restore the data.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 34

Assisted Solution

by:Dan Craciun
Dan Craciun earned 100 total points
ID: 41784299
+1 for encryption. That's the only sensible way to protect data in an electronic world.

A system administrator will always be able to take ownership of the files and do whatever he/she wants.
Yes, the CFO will be notified... if the system administrator does not disable that notification.

I think having full and unrestricted access is one of the "must have"s of the system administrator's position. If you can't trust him, it's better to just look for a more trustworthy person.
Or switch to paper records.

HTH,
Dan
0
 
LVL 18

Assisted Solution

by:Mal Osborne
Mal Osborne earned 200 total points
ID: 41784307
Yep, and I can pretty much guarantee the if end users start encrypting files, IT will be called on to decrypt them at some point.  You need to send and (and keep) and email explaining clearly and unambiguously that if passwords are lost, so is the data.

IT departments having no access to data and the ability to decrypt  files are conflicting requirements. Expect the shit to hit the fan later down the track.
0
 

Author Comment

by:SAGE Dining
ID: 41784747
Encryption sounds like the correct direction.   Any recommendations on product ?
Requirements: 1) Able to easily secure and access files on local laptop  2) Able to secure folder / add files on Network Share and allow someone else access to the network shared folder if they have the 'secret' password.
Thank you for the assistance.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: This is the second blog post in a series on email clearinghouses (https://www.xmatters.com/alert-management/blog-email-has-failed-us?utm_campaign=70138000000ydLoAAI&utm_source=exex&utm_medium=article&utm_content=blog-post).   Every month t…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question