Security Basics mailing list archives
Re: Restrict the Domain Admin
From: cc <cc () belfordhk com>
Date: Tue, 20 Sep 2005 14:56:18 +0800
sf_mail_sbm () yahoo com sighed and wrote::
Hi List, Is there a way to restrict access of a Domain Admin?
Here's my $0.02. By restricting the access of a domain admin, you've already defeated the purpose of a domain admin. The main point of the matter is that in order for one person to be a domain admin, you must have extraordinary (or maybe just special) trust in both the person's ability and their standards of operating procedures. By restricting access to the domain admin, you are in essence saying, "Here's the domain access, but we don't trust you enough to give you the full 9 yards so we're restricting your access to these privileges." If you don't have 100% confidence in either the person's ability or their ethics, you really shouldn't be giving the person that much access to begin with. As some other poster (Mr. Armfield) mentioned here, eventually you'll need a person who has access to the whole nine yards.
Current thread:
- Restrict the Domain Admin sf_mail_sbm (Sep 16)
- Re: Restrict the Domain Admin Christos Triantafyllidis (Sep 19)
- Re: Restrict the Domain Admin G. Chomic (Sep 19)
- Re: Restrict the Domain Admin Raoul Armfield (Sep 19)
- Re: Restrict the Domain Admin Pete Hunt (Sep 19)
- RE: Restrict the Domain Admin Brian Loe (Sep 19)
- Re: Restrict the Domain Admin cc (Sep 20)
- Re: Restrict the Domain Admin Cam Fischer (Sep 22)
- Re: Restrict the Domain Admin Glenn English (Sep 26)
- <Possible follow-ups>
- RE: Restrict the Domain Admin Brunner, Mark (Sep 19)
- RE: Restrict the Domain Admin Robert McIntyre (Sep 20)
- RE: Restrict the Domain Admin Craig Wright (Sep 22)
- RE: Restrict the Domain Admin Charles Otstot (Sep 26)
- RE: Restrict the Domain Admin Brian Loe (Sep 26)
- RE: Restrict the Domain Admin Depp, Dennis M. (Sep 22)
- RE: Restrict the Domain Admin Craig Wright (Sep 26)
- RE: Restrict the Domain Admin Craig Wright (Sep 26)
(Thread continues...)