In addition to the previous poster:
The first rule of security is physical access to protected resources. You
should make your management aware that even if one lacks proper NTFS/File
Share permissions, the person with unrestricted physical access can gain
access to the protected data, for example through imaging software, backups,
"borrowing" one half of a mirrored volume, etc.
The proper security setup includes several levels:
1. Physical access. Control and monitor physical access by using electronic
door locks that register each entry to the server room.
Place cameras that cover and record strategic places.
Place a large window on your server room so that people can see who is in the
server room at all times (prevents sneaking into the server room).
Use a work tracking system (either electronic or a classical written notebook)
that requires that each visit to the server room is documented.
2. Encryption. Use some sort of encryption of sensitive data. The EFS system is
very good, but requires careful planning, implementation and safe keeping
of encryption/decryption keys.
3. Multifactor authentication. Implement smartcard logon for sensitive job
roles.
4. IPSec to protect data while in transit. Using IPSec, you can also
restrict from which physical workstations the data on the file share is
accessible. For example, user Jane can access financial data from her
workstation at work, but cannot VPN from her home computer.
"Sarah Francis" <> wrote in message
news:e3ecb551-99e7-4219-b582-...
> Hello, I am the assistant to the IT manager at my company. He wants me
> to be able to fully administer users and printers, but doesn't want me
> to have unlimited access to our file server, where, for example,
> confidential HR and financial information are stored. I am considered
> a "LocalAdmin"
>
> Without DomainAdmin rights, however, I am unable to, for example,
> deploy printers. At the very last step of the process I get the
> following errors:
>
> " Deploying printer connection '\\svr-hbg\HBG - SouthCopyMFP' to per
> user GPO 'Default Domain Policy' failed. Access is denied.
>
> Deploying printer connection '\\svr-hbg\HBG - SouthCopyMFP' to per
> machine GPO 'Default Domain Policy' failed. Access is denied. "
>
> I am told this is due to some Active Directory setting or group that I
> have not been assigned or added to.
>
> Thanks in advance for the help!
>
>