We would like to not allow our administrators to see sensitive Payroll information in Reporting Services. I have removed 'BUILTIN\Administrators' from all folders, yet those in the Domain Admins group can still see all of the adminstrative functions, as well as all of the folders. We don't want them to see some of the folders.
Does this have to do with the Domain Admins having local Admin rights on the server?
I think you have to install RS with another service, not Local Service or Networkservice, you can make the service to be installed to the name of a special user Financee\FinanceeAdministrator, after it remove builtin\administrators on the folders you dont want them to see,
|||Can we take Domain Administrator's out of the Local Administrators group on the server and get the same effect?|||Domain administrators are the superpowerful users, I dont think you can deny access to them
No comments:
Post a Comment