Use third party encryption.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jessop
Sent: Wednesday, April 20, 2005 7:44 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Restricting sensitive information
We have a problem in discussion where we need to restrict sensitive HIPAA information to a very select few employees in the US and only one or two people overseas. The problem is, we have about 10-15 domain admins worldwide in our single domain, and this is too many people to have access to the HIPAA data. Rather than take domain admin priviledges away, whereby breaking their ability to promote domain controllers, etc - what's an easy way to have a share on a file server restricted to only a select few of the domain admins?
We were thinking of maybe adding a 2nd domain just for the server with this share on it. Then only enterprise admins would have access to that other domain, so only they could see that share. Is there an alternative to something this drastic?
Reply
Why not simply install the server out of the domain completely and use it's local accounts?
Regards
Peter Jessop