September 22nd, 2006, 07:51 PM
help me with power of "domain admin" user
help me with power of "domain admin" user ?
im a client of my office domain .
Im disable domain admin from my Administrators groups on my local computer and i was encrypted my document folder with only my user permition . but i think, domain admin can disable and access my computer resource .
any one can have good idea for me ?
pls send email to me : firstname.lastname@example.org
thank a lot
September 22nd, 2006, 08:12 PM
Your screwed. Domain admin can ALWAYS get their permissions back on a domain machine. There is no way to restrict permissions from domain admin. Domain admin is also the primary RA for EFS.. So again.. not a thing you can do about it other than leaving the domain.. It is, after all, not your computer, but your works computer.
If you don't want something on your WORK computer being accessed by the system administrator, don't do it on that computer.. Pretty simple eh?
September 22nd, 2006, 09:59 PM
Yeah mohaughn is right. Also there should be no reason that you would want to remove your computer from the domain, your work put it on there for a reason and they probably want it to stay that way.
What you could do, although some places have rules against this, is to bring in a portable HD or JumpDrive and put stuff on that. You should check the rules before you do this though.
You could also encrypt your files using something other than EFS, maybe PGP or similar. Again, your work may not like you doing this so check the rules first.
I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey
September 22nd, 2006, 10:20 PM
I am sorry, I do not understand what you are trying to do?
1. If this is an "office computer" that is, it belongs to your work, then you should be on your domain and your work should be backed up on your local server?
2. You should not have private data on an office machine. Even if it is encrypted, you are still vulnerable because the machine is not secure all the time. Others can access it whilst you are away from work?
3. You must never install unauthorised software on an employer's machine. I can assure you that if anything goes wrong that will be the first thing that the administrators will blame. I say that even though there may be no "rules" that stop you.
Hey, when I used to do that sort of thing I had two machines that I was personally responsible for, so any problems were only mine to sort out. I only EVER used the network/domain administrator credentials for work that required it. Development and testing must be done outside the network in the first instance. To be honest, that suits me fine as well, as it removes some potential complications
September 22nd, 2006, 11:32 PM
.. dont wast your breath in this thread.. our little (or large) CN Friend has probably laced any and all the forums he/she could find and is waiting for the mail to arrive..
MODs how about editing out the Mail addy? If the little dick was interested in the information we could comment that he could use trucrypt.. but that answer is only available on this site not by email.. I charge extra for email support
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
September 22nd, 2006, 11:47 PM
Hi Undies~ he is VN?.................... perhaps I should use my Hanoi e-mail account to respond?
September 25th, 2006, 06:12 PM
thankyou so much every body !
CEO of my company think : if he joined his computer to domain so domain admin can see his documents . how i can explain with him because his not using notebook or other device and my company rule seting some policy : computer mush join to domain can access internet or checking email, access file sharing ... .so he only want using desktop computer .
September 25th, 2006, 06:46 PM
Well ...that can all be done with a permission settings\password protection...or encryption....
The server admin needs access to all files to manage and back them up....doesnt have to be able to open them though
and if he doesnt trust your domain admin.....why did he hire him
How people treat you is their karma- how you react is yours-Wayne Dyer
September 26th, 2006, 05:00 PM
The "solutions" in so far as there are any would seem to be:
1. Give your CEO some file/folder encryption application.
2. Give him another computer for "secure" work, that is not attached to the network.
#1 will allow his work to be saved along with the rest of the network.
#2 is more expensive as he will need two machines (if he wants to use the network) and he must remember to back up his own work.