Educause Security Discussion mailing list archives

Re: Windows Domain Controllers: Risks involved


From: David Gillett <gillettdavid () FHDA EDU>
Date: Tue, 17 Mar 2009 10:31:15 -0700

      - Domain admins can access the files of any computer in the
domain. How do you ensure the confidentiality and privacy of
users and data?

  You do what you can to staff these positions with trustworthy
people.  If this is an extremely sensitive area, you add monitoring
and Separation of Duties so that none of them can abuse this privilege
without someone else knowing about it.

  I worked in a place where some users with Local Admin rights routinely
deleted the Domain Admins group from Local Admins on their machines.  We
rolled out a change to our standard login script that would add it back...


      - In your implementations, do you include the computers of the
top management?

  Excluding such machines is the WRONG way to "secure" them.  In that
same place, the machines of the top executives were excluded with the
result that they were the worst secured and maintained computers in
the company.
  Ideally, sensitive data shouldn't live on anyone's desktop or laptop
machine, but on a secured and backed-up server.  But that just moves
the question above from concerns about the Domain Admins to the exact
same concerns about the sysadmins of that storage server....


      - Do you give faculty and staff high-level access to install
applications, or do installation requests have to be channeled to the
domain admins?

  Having a domain doesn't mean users *can't* have Local Admin rights
on their machines, but that's a separate discussion.  We've found that
for *most* users, having to have a tech call on them when they need to
do something requiring Local Admin rights is a good way to cut down on
repair calls after they've shot themselves in the foot.  Generally
those techs are not Domain Admins either.


David Gillett
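A present-day PowerShell rendering of the login-script fix described above (re-adding Domain Admins to the local Administrators group when a local admin has removed it), added here as an illustration and not taken from the original post. It assumes it runs with local administrative rights, as the users in the post had; CONTOSO and the event source name are placeholders.

```powershell
# Added example: re-add "Domain Admins" to the local Administrators group if it
# has been removed, and record the repair so the removal itself can be monitored.
# Assumes local administrative rights at run time. CONTOSO is a placeholder domain.
$Domain      = 'CONTOSO'
$GroupToKeep = "$Domain\Domain Admins"
$LocalGroup  = 'Administrators'
$LogSource   = 'LoginScript'   # hypothetical event source name

function Test-LocalGroupContains {
    param([string]$Group, [string]$Member)
    # Compare by name. Get-LocalGroupMember can fail on orphaned SIDs, so treat
    # a failure as "not found" rather than aborting the whole login script.
    $members = @(Get-LocalGroupMember -Group $Group -ErrorAction SilentlyContinue)
    return [bool]($members | Where-Object { $_.Name -ieq $Member })
}

if (-not (Test-LocalGroupContains -Group $LocalGroup -Member $GroupToKeep)) {
    Add-LocalGroupMember -Group $LocalGroup -Member $GroupToKeep

    # Leave an audit trail: the group being missing means someone removed it,
    # which is worth knowing about on its own.
    if (-not [System.Diagnostics.EventLog]::SourceExists($LogSource)) {
        New-EventLog -LogName Application -Source $LogSource
    }
    Write-EventLog -LogName Application -Source $LogSource -EntryType Warning `
        -EventId 1001 `
        -Message "Re-added $GroupToKeep to local $LocalGroup on $env:COMPUTERNAME (user: $env:USERNAME)"
}
```

The Warning events can be collected centrally, which turns the "add it back" fix into the kind of monitoring the post recommends.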
