Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin (
More info?)
"Dmitry Kopnichev" <kopn@hotbox.ruDELETE> wrote in message
news:ON8mxuEiFHA.320@TK2MSFTNGP09.phx.gbl...
> "Admins having full access to everything by default" is the cause of CDs
> with sensitive information appearing on a black market. Some Admins steal
> personal information about customers, especially, users of mobile
> networks, owners of properties, money orders logs, bank transactions logs,
> etceteras, before changing work. These information is invaluable for
> criminals, thieves, robbers, killers for searching for their victim.
> Admins do not lose much if a company loses its sensitive information. They
> can always find another work, but owners lose money and top managers work
> and their credit.
You have several options. Most of the computer related ones have already
been explained to you. If none of those work for you, you will have to do
some more research. Personally I believe you need to rethink you company's
hierarchy. If your data is that sensitive you need to do one of two things.
Hire someone you trust to manage your network. Train an existing empoyee you
trust to manage your network. If it is so lucrative to steal your data then
you can afford to pay someone enough that they won't steal your data. Most
organizations and governments have policies to deal with this issue. In the
end what it comes down to is trust. It sounds like you don't have any. You
could physically search your admin as he leaves the building.
Kerry
> "Leythos" <void@nowhere.lan> wrote in message
> news:MPG.1d3f031b7b4482ce9899da@news-server.columbus.rr.com...
>> In article <OC#sKZ7hFHA.2916@TK2MSFTNGP14.phx.gbl>, kopn@hotbox.ruDELETE
>> says...
>>> Only General manager is supposed to see all the information. But he will
>>> not
>>> administrate the network himself of course. General manager has even a
>>> second computer separate from the Admins network to keep information
>>> securely. Our Admin is two times younger than most of our specialists
>>> and
>>> has only computer education and is not devoted to our business as the
>>> General manager is. A company can never take just a computer specialist
>>> into
>>> it's confidence, can never entrust all its commercial information to
>>> him.
>>
>> You are COMPLETELY WRONG. A good network admin will be vested in the
>> company with all their heart and desire. They will always look to
>> protect the network and it's data. They have full access to everything
>> by default and can take ownership of anything they want. If you don't
>> trust the Admin then you are in a bad spot, as the Admin can do many
>> things without you even finding out about it.
>>
>> Now, to protect you against an rogue Admin, you need a second Admin that
>> is used to check the other admin - in fact, both check each other for
>> doing things that should not be done. Both Admins have full access to
>> all resources, it's the nature of the networks.
>>
>> If you don't want an Admin to have access, then setup another network,
>> managed by someone you trust at the moment, and don't give the Admin any
>> access to it.
>>
>> In every company I've worked for or designed the network for, the Admin
>> group (sometimes 1 person, but normally more than 1) has full access to
>> all resources, even if they don't use them.
>>
>> If the Admin can't reach all resources, then they can't properly do
>> their job - which is Network security, Resource Protection, support of
>> users, disaster recovery planning and testing, and monitoring for
>> unapproved activity (yea, there are more).
>>
>>
>> --
>> --
>> spam999free@rrohio.com
>> remove 999 in order to email me
>
Facebook
Twitter
Instagram