Keeping Network Admin from accessing users’ home directories
Administration, Administrative privileges, Data Center in 2010, Data Center management, Home Directory, Network administration, Network Administrator
We do not want our network administrator to have access to users home directories. How can we make this happen?
Software/Hardware used:
Software/Hardware used:
ASKED:
November 9, 2010 3:54 PM
UPDATED:
November 19, 2010 3:37 PM
Answer Wiki:
Depending on how you do permissions you can remove administrator from the access list either in active directory or NTFS permissions. Just log on as administrator and right click on whatever you wish to remove permissions from and share options and remove the administrator. Just be sure that someone has full control over the folder to make changes and perhaps make a back up account that has full access in case something happens to the owner of that account. The only thing is if he has full domain admin controls like mentioned he could potentially revert this change. So if it is a trust issue you probably look into replacing this guy or knocking him down on the permissions list to power user not administrator.
To see all answers submitted to the Answer Wiki: View Answer History.
What is the domain functional level and the OS of the server on which the folders are kept?
If your network admin is a member of the domain admin group that makes it difficult, but not impossible. He/she could always take ownership of the files, and then revert access back again.
Plus you could always audit the files and see when they were viewed or modified, if you have a reason the believe that the admin may be going where he/she is not supposed to be.
I agree with Technochic, you need to give some more info on this issue, and the OS’s being used.
I think this is not possible without Administrator right. If general user have right to control home directories other than Administrator, hope it will possible. Or u have to use a 3rd party Sw for this purpose. But remember without knowledge don’t do that !