How to protect folder privacy against unethical network administrators? [closed]
Posted
by
Trevor Trovalds
on Server Fault
See other posts from Server Fault
or by Trevor Trovalds
Published on 2012-04-14T07:44:23Z
Indexed on
2012/04/14
11:33 UTC
Read the original article
Hit count: 196
I just need a technical solution for the sake of my group's shared passwords, projects, works, etc. safety.
Our network has Active Directory
with public/groups/users
and NTFS permissions
, under a Windows Server 2003
which will soon migrate to Windows Server 2008 R2
. Our IT crowd is small, consisting of 2 DBAs, 4 designers, 6 developers (including me), 2 netadmins and (a lot of) tech supporters, everyone has local admin rights.
Those 2 network admins weren't the ones who set the network up, they just took the lift recently when the previous ones quit. We usually find them laughing at private contents from users stored in the groups AD, sabotaging documents that don't match their personal tastes and, finally, this week we found out they stole a project we (developers and DBAs) were finishing and, long before, they presented it to the CEO as theirs without us knowing.
I'm a systems analyst, and initially my group decided to store critical content, like shared passwords, inside encrypted .zip
files. Unfortunately we couldn't do the same to the other hundreds of folders and files, which included the stolen project, because the zipping process would take too long for every update. We also tried an encrypted Subversion repository under SSL
, but there are many dummies (~38 atm) involved in the projects that have trouble using TortoiseSVN
when contributing, and very oftenly we had to fix messed up updates. Well, I think these two give the idea of what we've been trying to reach.
So, is there a practical "individual" protection for our extensive data or my hope can already be euthanized?
P.S.: Seriously, at the place where I live/work, political corruption gone the wildest, so denounce related options are likely impracticable. Yet both netadmins have strong "political bond" with the CEO and the President, hence their lousy behavior and our failed delation attempts.
© Server Fault or respective owner