Access to a file

TheMSsForum.com: The Microsoft Software Forum

We have set up an agreement with an outrside andomistrator who will get from
us a full remote acess to our server.

I wander if there is any way not to allow him to access a disk with our
company data? Theoretically no problem but since he is an administrator he
will probably make an access to the drive.

Any advice?

Marek Staniewski
Top

Re: Access to a file by Merv

Merv
Sat Sep 27 16:35:40 CDT 2003

You mean this is an outside IT administrator who will be administering your
network for you (patches, SPs, troubleshooting, installations, etc.). If
so, he's going to have to have full administrator access to your server and
workstation wqhich means he can see (and do) anything. You'll have to lock
him down with a non-disclosure agreement. Check his references and make
sure you feel confortable with him.

--
Merv Porter [SBS MVP]
===================================

"Marek Staniewski" <marek.staniewski@derco.com.pl> wrote in message
news:#NXhweThDHA.524@tk2msftngp13.phx.gbl...
> We have set up an agreement with an outrside andomistrator who will get
from
> us a full remote acess to our server.
>
> I wander if there is any way not to allow him to access a disk with our
> company data? Theoretically no problem but since he is an administrator he
> will probably make an access to the drive.
>
> Any advice?
>
> Marek Staniewski
>
>


Top

Re: Access to a file by Gizmo

Gizmo
Sat Sep 27 16:41:25 CDT 2003

Hey Merv...It might be a she...Dont want to upset the girls now... :-)


"Merv Porter" <mwport@hotmail.com> wrote in message
news:OBRt58ThDHA.1864@TK2MSFTNGP10.phx.gbl...
> You mean this is an outside IT administrator who will be administering
your
> network for you (patches, SPs, troubleshooting, installations, etc.). If
> so, he's going to have to have full administrator access to your server
and
> workstation wqhich means he can see (and do) anything. You'll have to
lock
> him down with a non-disclosure agreement. Check his references and make
> sure you feel confortable with him.
>
> --
> Merv Porter [SBS MVP]
> ===================================
>
> "Marek Staniewski" <marek.staniewski@derco.com.pl> wrote in message
> news:#NXhweThDHA.524@tk2msftngp13.phx.gbl...
> > We have set up an agreement with an outrside andomistrator who will get
> from
> > us a full remote acess to our server.
> >
> > I wander if there is any way not to allow him to access a disk with our
> > company data? Theoretically no problem but since he is an administrator
he
> > will probably make an access to the drive.
> >
> > Any advice?
> >
> > Marek Staniewski
> >
> >
>
>


Top

Re: Access to a file by Gizmo

Gizmo
Sat Sep 27 16:48:44 CDT 2003

Sorry Merv just read Marek post again and he refers to the male gender so
the girls will let u off this one...


"Gizmo :-)" <dontwant@anymorespam.com> wrote in message
news:O7sEaAUhDHA.4468@TK2MSFTNGP12.phx.gbl...
> Hey Merv...It might be a she...Dont want to upset the girls now... :-)
>
>
> "Merv Porter" <mwport@hotmail.com> wrote in message
> news:OBRt58ThDHA.1864@TK2MSFTNGP10.phx.gbl...
> > You mean this is an outside IT administrator who will be administering
> your
> > network for you (patches, SPs, troubleshooting, installations, etc.).
If
> > so, he's going to have to have full administrator access to your server
> and
> > workstation wqhich means he can see (and do) anything. You'll have to
> lock
> > him down with a non-disclosure agreement. Check his references and make
> > sure you feel confortable with him.
> >
> > --
> > Merv Porter [SBS MVP]
> > ===================================
> >
> > "Marek Staniewski" <marek.staniewski@derco.com.pl> wrote in message
> > news:#NXhweThDHA.524@tk2msftngp13.phx.gbl...
> > > We have set up an agreement with an outrside andomistrator who will
get
> > from
> > > us a full remote acess to our server.
> > >
> > > I wander if there is any way not to allow him to access a disk with
our
> > > company data? Theoretically no problem but since he is an
administrator
> he
> > > will probably make an access to the drive.
> > >
> > > Any advice?
> > >
> > > Marek Staniewski
> > >
> > >
> >
> >
>
>


Top

Re: Access to a file by Merv

Merv
Sat Sep 27 17:20:18 CDT 2003

You had me worried for a minute. That's all I need... 51% of the population
mad at me. :-)


"Gizmo :-)" <dontwant@anymorespam.com> wrote in message
news:#4BmfEUhDHA.4468@TK2MSFTNGP12.phx.gbl...
> Sorry Merv just read Marek post again and he refers to the male gender so
> the girls will let u off this one...
>
>
> "Gizmo :-)" <dontwant@anymorespam.com> wrote in message
> news:O7sEaAUhDHA.4468@TK2MSFTNGP12.phx.gbl...
> > Hey Merv...It might be a she...Dont want to upset the girls now... :-)
> >
> >
> > "Merv Porter" <mwport@hotmail.com> wrote in message
> > news:OBRt58ThDHA.1864@TK2MSFTNGP10.phx.gbl...
> > > You mean this is an outside IT administrator who will be administering
> > your
> > > network for you (patches, SPs, troubleshooting, installations, etc.).
> If
> > > so, he's going to have to have full administrator access to your
server
> > and
> > > workstation wqhich means he can see (and do) anything. You'll have to
> > lock
> > > him down with a non-disclosure agreement. Check his references and
make
> > > sure you feel confortable with him.
> > >
> > > --
> > > Merv Porter [SBS MVP]
> > > ===================================
> > >
> > > "Marek Staniewski" <marek.staniewski@derco.com.pl> wrote in message
> > > news:#NXhweThDHA.524@tk2msftngp13.phx.gbl...
> > > > We have set up an agreement with an outrside andomistrator who will
> get
> > > from
> > > > us a full remote acess to our server.
> > > >
> > > > I wander if there is any way not to allow him to access a disk with
> our
> > > > company data? Theoretically no problem but since he is an
> administrator
> > he
> > > > will probably make an access to the drive.
> > > >
> > > > Any advice?
> > > >
> > > > Marek Staniewski
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Top

Re: Access to a file by Marek

Marek
Sun Sep 28 06:41:25 CDT 2003

Can I be a main administrator and the other one a sub-administrator, who has
different (very wide) priviledges but also that he cannot access some
settings (e.g. access to some drives or files)?

Marek Staniewski


U¿ytkownik "Merv Porter" <mwport@hotmail.com> napisa³ w wiadomo¶ci
news:OBRt58ThDHA.1864@TK2MSFTNGP10.phx.gbl...
> You mean this is an outside IT administrator who will be administering
your
> network for you (patches, SPs, troubleshooting, installations, etc.). If
> so, he's going to have to have full administrator access to your server
and
> workstation wqhich means he can see (and do) anything. You'll have to
lock
> him down with a non-disclosure agreement. Check his references and make
> sure you feel confortable with him.
>
> --
> Merv Porter [SBS MVP]
> ===================================
>
> "Marek Staniewski" <marek.staniewski@derco.com.pl> wrote in message
> news:#NXhweThDHA.524@tk2msftngp13.phx.gbl...
> > We have set up an agreement with an outrside andomistrator who will get
> from
> > us a full remote acess to our server.
> >
> > I wander if there is any way not to allow him to access a disk with our
> > company data? Theoretically no problem but since he is an administrator
he
> > will probably make an access to the drive.
> >
> > Any advice?
> >
> > Marek Staniewski
> >
> >
>
>


Top

Re: Access to a file by Merv

Merv
Sun Sep 28 09:28:43 CDT 2003

There are times during some maintenance issues when the IT admin will need
to log into the server as Administrator and he will need to have the
Administator password. Once you give it to him, the game is up.

--
Merv Porter [SBS MVP]
===================================
"Marek Staniewski" <marek.staniewski@derco.com.pl> wrote in message
news:OiMmuVbhDHA.1508@TK2MSFTNGP10.phx.gbl...
> Can I be a main administrator and the other one a sub-administrator, who
has
> different (very wide) priviledges but also that he cannot access some
> settings (e.g. access to some drives or files)?
>
> Marek Staniewski
>
>
> U¿ytkownik "Merv Porter" <mwport@hotmail.com> napisa³ w wiadomo¶ci
> news:OBRt58ThDHA.1864@TK2MSFTNGP10.phx.gbl...
> > You mean this is an outside IT administrator who will be administering
> your
> > network for you (patches, SPs, troubleshooting, installations, etc.).
If
> > so, he's going to have to have full administrator access to your server
> and
> > workstation wqhich means he can see (and do) anything. You'll have to
> lock
> > him down with a non-disclosure agreement. Check his references and make
> > sure you feel confortable with him.
> >
> > --
> > Merv Porter [SBS MVP]
> > ===================================
> >
> > "Marek Staniewski" <marek.staniewski@derco.com.pl> wrote in message
> > news:#NXhweThDHA.524@tk2msftngp13.phx.gbl...
> > > We have set up an agreement with an outrside andomistrator who will
get
> > from
> > > us a full remote acess to our server.
> > >
> > > I wander if there is any way not to allow him to access a disk with
our
> > > company data? Theoretically no problem but since he is an
administrator
> he
> > > will probably make an access to the drive.
> > >
> > > Any advice?
> > >
> > > Marek Staniewski
> > >
> > >
> >
> >
>
>


Top

Re: Access to a file by Steve

Steve
Sun Sep 28 10:04:11 CDT 2003

Merv Porter wrote:

> There are times during some maintenance issues when the IT admin will
> need to log into the server as Administrator and he will need to have
> the Administator password. Once you give it to him, the game is up.

Not necessarily. You could make him/her a member of Domain Admins
instead, and keep the Administrator account safe. DA's cannot touch the
Administrator account, but have almost all the rights/privileges that
Administrator has.

Alternatively, if lower privileges are all that is required, look at
the XXX Operators groups (eg Server Operators, Account Operators,
Backup Operators, etc.) or a combination of those groups. For example,
Account Operators can create and manage ordinary user accounts, but
cannot touch DA's or Administrators' accounts, nor can they create
DA/Admins accounts.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
Top

Re: Access to a file by Gizmo

Gizmo
Sun Sep 28 11:23:33 CDT 2003

Marek... Can you be more specific what this IT individual would be expected
todo...

Remember if user needs to use TS then need to give this user logon locally
rights..


"Steve Foster [SBS MVP]" <steve.foster@picamar.co.uk> wrote in message
news:utjOHHdhDHA.1796@TK2MSFTNGP10.phx.gbl...
> Merv Porter wrote:
>
> > There are times during some maintenance issues when the IT admin will
> > need to log into the server as Administrator and he will need to have
> > the Administator password. Once you give it to him, the game is up.
>
> Not necessarily. You could make him/her a member of Domain Admins
> instead, and keep the Administrator account safe. DA's cannot touch the
> Administrator account, but have almost all the rights/privileges that
> Administrator has.
>
> Alternatively, if lower privileges are all that is required, look at
> the XXX Operators groups (eg Server Operators, Account Operators,
> Backup Operators, etc.) or a combination of those groups. For example,
> Account Operators can create and manage ordinary user accounts, but
> cannot touch DA's or Administrators' accounts, nor can they create
> DA/Admins accounts.
>
> --
> Steve Foster [SBS MVP]
> ---------------------------------------
> MVPs do not work for Microsoft. Please reply only to the newsgroups.


Top