help me with power of "domain admin" user
Results 1 to 9 of 9

Thread: help me with power of "domain admin" user

  1. #1
    Junior Member
    Join Date
    Nov 2002
    Posts
    2

    help me with power of "domain admin" user

    help me with power of "domain admin" user ?

    im a client of my office domain .
    Im disable domain admin from my Administrators groups on my local computer and i was encrypted my document folder with only my user permition . but i think, domain admin can disable and access my computer resource .
    any one can have good idea for me ?
    pls send email to me : anhnn@icb.com.vn
    thank a lot

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Your screwed. Domain admin can ALWAYS get their permissions back on a domain machine. There is no way to restrict permissions from domain admin. Domain admin is also the primary RA for EFS.. So again.. not a thing you can do about it other than leaving the domain.. It is, after all, not your computer, but your works computer.

    If you don't want something on your WORK computer being accessed by the system administrator, don't do it on that computer.. Pretty simple eh?

  3. #3
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    Yeah mohaughn is right. Also there should be no reason that you would want to remove your computer from the domain, your work put it on there for a reason and they probably want it to stay that way.

    What you could do, although some places have rules against this, is to bring in a portable HD or JumpDrive and put stuff on that. You should check the rules before you do this though.

    You could also encrypt your files using something other than EFS, maybe PGP or similar. Again, your work may not like you doing this so check the rules first.
    I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    I am sorry, I do not understand what you are trying to do?

    1. If this is an "office computer" that is, it belongs to your work, then you should be on your domain and your work should be backed up on your local server?

    2. You should not have private data on an office machine. Even if it is encrypted, you are still vulnerable because the machine is not secure all the time. Others can access it whilst you are away from work?

    3. You must never install unauthorised software on an employer's machine. I can assure you that if anything goes wrong that will be the first thing that the administrators will blame. I say that even though there may be no "rules" that stop you.

    Hey, when I used to do that sort of thing I had two machines that I was personally responsible for, so any problems were only mine to sort out. I only EVER used the network/domain administrator credentials for work that required it. Development and testing must be done outside the network in the first instance. To be honest, that suits me fine as well, as it removes some potential complications
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    .. dont wast your breath in this thread.. our little (or large) CN Friend has probably laced any and all the forums he/she could find and is waiting for the mail to arrive..

    MODs how about editing out the Mail addy? If the little dick was interested in the information we could comment that he could use trucrypt.. but that answer is only available on this site not by email.. I charge extra for email support
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Undies~ he is VN?.................... perhaps I should use my Hanoi e-mail account to respond?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Junior Member
    Join Date
    Nov 2002
    Posts
    2
    thankyou so much every body !
    CEO of my company think : if he joined his computer to domain so domain admin can see his documents . how i can explain with him because his not using notebook or other device and my company rule seting some policy : computer mush join to domain can access internet or checking email, access file sharing ... .so he only want using desktop computer .

  8. #8
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Well ...that can all be done with a permission settings\password protection...or encryption....

    The server admin needs access to all files to manage and back them up....doesnt have to be able to open them though

    and if he doesnt trust your domain admin.....why did he hire him

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hmmmm,

    The "solutions" in so far as there are any would seem to be:

    1. Give your CEO some file/folder encryption application.
    2. Give him another computer for "secure" work, that is not attached to the network.

    #1 will allow his work to be saved along with the rest of the network.

    #2 is more expensive as he will need two machines (if he wants to use the network) and he must remember to back up his own work.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •