microsoft.public.windowsxp.security_admin

Ravi wrote:
> Some of the folders in our file system contain sensitive financial
> data. The file server is managed by our IT department. How do I
> restrict the people in Domain Admins group (some of them are from IT
> Department) from accessing sensitive data? If I remove read
> permissions to Domain Admins, backup jobs may fail.

EFS. But be very careful. Your domain admins/IT staff are the ones you need
to rely on to administer/manage/back up and restore your data. If you
encrypt something and they can't work on it/back it up, and you can't
unencrypt it, your data is lost. Hire only admins you can trust, and have
everyone sign computer use agreements, nondisclosure agreements, and so
forth..

Note for future This isn't really the best group for a question like this -
I'd post in microsoft.public.windows.server.active_directory with a possible
crosspost to microsoft.public.security.