Q

Is third-party software the only way to prevent access within a domain group?

Identity management and access control expert Joel Dubin discusses how to prevent administrator access to certain documents within a domain group.

I am the fourth member of a domain administration group for a small company. When I create a document, the other three members of the domain group can access it without my permission. Is it possible to restrict access without third-party software?

Ultimately, the answer depends on whether all four of you are domain administrators. If you're on Linux or Windows, all the domain administrators have free rein of the system and can't be hindered by normal access restrictions imposed on ordinary users.

Even if file permissions are set on a document, other domain administrators will still have full access to that document. The same goes for Group Policy Objects (GPO) in Active Directory. GPOs can be set to restrict access to objects, like documents, to a fairly high degree of granularity. But, again, that won't stop a domain administrator.

There are a few workarounds. One option might be something old-fashioned: put confidential documents on a separate network or on a workstation. Another possibility is to create a separate group for the other three administrators that doesn't have full administrative rights. These users would have to use either "sudo" for Linux or "runas" for Windows. These commands restrict administrative access for particular users for particular functions.

Again, for only four domain administrators, your options are limited, and the best course might be just to keep your confidential documents off the network on an isolated workstation.
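
The Linux side of the separate-group workaround, as an added example that is not part of the original answer: a sudoers drop-in that lets a hypothetical `limited-admins` group run two named commands, plus a rough check that rejects any rule handing that group `ALL` commands. The group name, the nginx service and the file paths are assumptions.

```shell
#!/bin/sh
# Added example (constructed): group name, service and paths are assumptions.
GROUP="limited-admins"

# Print a sudoers drop-in that grants the group two named commands and nothing else.
render_policy() {
    cat <<EOF
# Constructed example for /etc/sudoers.d/${GROUP}
Cmnd_Alias WEB_SVC = /usr/bin/systemctl restart nginx, /usr/bin/systemctl reload nginx
%${GROUP} ALL = (root) WEB_SVC
EOF
}

# Return 0 if any rule for %group in the file lists ALL as a command.
# Rough check: it reads only the group's own rule lines and does not expand
# Cmnd_Alias definitions or line continuations.
grants_all() {  # $1 = policy file, $2 = group name
    grep -E "^%$2[[:space:]]" "$1" |
        sed -E 's/^[^=]*=//; s/\([^)]*\)//g; s/[A-Z_]+://g' |
        tr ',' '\n' |
        grep -Eq '^[[:space:]]*ALL[[:space:]]*$'
}

# Validate syntax with visudo before installing; needs root, so it is not run here.
install_policy() {  # $1 = rendered policy file
    visudo -cf "$1" && install -o root -g root -m 0440 "$1" "/etc/sudoers.d/${GROUP}"
}

tmp=$(mktemp)
render_policy > "$tmp"
if grants_all "$tmp" "$GROUP"; then
    echo "REJECT: %${GROUP} has an unrestricted rule"
else
    echo "OK: %${GROUP} is limited to named commands"
fi
rm -f "$tmp"
```

The restriction only holds for accounts that are not also root or members of another group with full sudo rights.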

For more information:

  • Learn how to configure a server so unauthorized users cannot access files, folders and other sensitive information.
  • Application security expert Michael Cobb discusses whether or not third-party software tools should be used to customize applications.

This was first published in October 2007
