Just so you know, NT/W2k has mandatory enforced ACL based security. And all of the things that I said earlier are _still_ true. I know because just recently I started looking into how to secure parts of a machine from the domain administrators. Simple answer: you can make it so they get noticed if they look, but you cant _stop_ them from looking if they really really want to. (Er well, at least if they also have the machine Admin account details too)
*SIGH*
--- demerphq
my friends call me, usually because I'm late....
| [reply] |
Absolutely. The only real solution is encryption. There are systems with mandatory access controls that are "difficult" (read "hopefully impossible") for the admin to bypass, but these are primarily used on military computers.
--traveler
| [reply] |
What happens if the only person with access to a set of files on one of these military systems gets run over by a bus?
Presumably there will always be some person with the security role of ALL_ACCESS. Of course there may be someone else (with a gun) who reads the printed logs of what that person does... But still.. :-)
--- demerphq
my friends call me, usually because I'm late....
| [reply] |