Hi,
I have been requested to ensure that the junior members of the IT department are unable to access the AD objects, data and email of the senior management.
I'm planning on using the follow:
Remove junior guys from Domain Admins group
OU Delegation to protect the AD objects (separate OU for managemnt)
Remove the access rights on the senior management data shares
Use the message store secuity on Exchange
Use restricted groups so the junior guys can still install apps to the workstations etc.
Have I missed anything? Has anyone got any better suggestions or links whitepapers etc
Thanks
I have been requested to ensure that the junior members of the IT department are unable to access the AD objects, data and email of the senior management.
I'm planning on using the follow:
Remove junior guys from Domain Admins group
OU Delegation to protect the AD objects (separate OU for managemnt)
Remove the access rights on the senior management data shares
Use the message store secuity on Exchange
Use restricted groups so the junior guys can still install apps to the workstations etc.
Have I missed anything? Has anyone got any better suggestions or links whitepapers etc
Thanks
