Folder security

[Peter Jensen]

I'm the networkadministrator in a company, so I of course have administrator
rights of all the Windows 2000 servers.

Now, the owner of the company will have a folder, where he is the only
person who have rights. In other words, I'm not allowed to have any rights
at all on the folder !

Is that possible to make a folder, with NO RIGHTS at all for the
administrator ? If YES, how ?

 

[Danny Sanders]

Yes, create the folder and share it. Remove everyone and add only the
company owner for permission to access the folder.

hth
DDS W 2k MVP MCSE

 

[Paul Adare]

microsoft.public.win2000.security news group, Danny Sanders

Yes, create the folder and share it. Remove everyone and add only the
company owner for permission to access the folder.

Which really still doesn't solve the problem as the administrator can
still take ownership of the folder in question and then change the
permissions.

 

[Danny Sanders]

Which really still doesn't solve the problem as the administrator can

still take ownership of the folder in question and then change the
permissions.

Agreed, but if you can't trust the administrator to not do this, you need
another admin.

DDS

 

[Steven L Umbach]

Yes you can do that as Danny mentioned, but another possibility is that the owner
consider using a physically secured non domain computer where he is the only
administrator and possibly EFS encryption ONLY if he understands the risks involved
in that data may not be safe as long as private keys for the user/recovery agent are
still on the computer and that if the keys are not backed up the data can be lost
forever. If he wants his data on a computer where their are other administrators,
then he will have to accept the risk as a tradeoff for the convenience. --- Steve