Myths #3: Give without giving

One more mystery for me: how give everything without giving everything. This is exactly the question I see very often in various forums and other places. This is the question I hear personally from time to time. It can be in asked in several forms, the most frequent forms are: 1) How can I give a user local admin rights and be sure that they cannot do <put your own stuff here>? 2) How can I restrict my domain admin from accessing the <your very valuable information>? Naturally, at this point I start boiling and all that stuff, but let’s … Continue reading Myths #3: Give without giving

#RutechEd: Answering the questions, part II

At last, two remaining questions to be answered. 1) One of the attendees of the hands-on lab on Dynamic Access Control had read that a normal user (without administrative permissions) can classify files and folders. However, he hadn’t succeeded in achieving it. Here is what I tried and understood: i. Any user cannot change classification via explorer remotely (or at least I failed to achieve this). ii. Any user, which has full permissions on files can edit classification locally, e.g. from TS session. As far as I can understand, the “non-administrative user can edit it” part was related to automated … Continue reading #RutechEd: Answering the questions, part II