I'd like to solicit the group's input on the
following.
Domain administrators, by definition, are going to
have complete access to member computers.
Is anyone doing anything to mitigate the potential
risks involved with access to, say, an executive's
computer which could have very sensitive data on it
(mergers and acquisitions, for example)?
One obvious answer is encryption, but I'm curious what
is available in the Windows world as I'm not as
familiar with that.
Even if something like object level auditing was
enabled and the logs sent to a remote host, couldn't
the admin, as a first step, disable this logging?
Please answer both 1) what is possible, and 2) what is
your organization or other organizations you know of
doing about this (if anything).
Many thanks in advance!
Michael
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
following.
Domain administrators, by definition, are going to
have complete access to member computers.
Is anyone doing anything to mitigate the potential
risks involved with access to, say, an executive's
computer which could have very sensitive data on it
(mergers and acquisitions, for example)?
One obvious answer is encryption, but I'm curious what
is available in the Windows world as I'm not as
familiar with that.
Even if something like object level auditing was
enabled and the logs sent to a remote host, couldn't
the admin, as a first step, disable this logging?
Please answer both 1) what is possible, and 2) what is
your organization or other organizations you know of
doing about this (if anything).
Many thanks in advance!
Michael
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]