My CEO needs several folders setup on our general file server that should have severe access restrictions. Domian ControllerOS is Server2003, R2. The file server is currently Server2000, SP4. We specificaly do not want any Domain Admin, the Administrator account, or other groups to have access. There will be specific list of names per folder. Setting up the folders, creating AD groups, applying group security is done. What specific recommendations are there to ensure the administrator and all admin groups cannot access these folders??daveM

You cannot remove the privileges of the built-in Administrators group from accessing files and folders. You can try taking ownership and taking NTFS permissions off the Administrators but they can take it back again (but this action could be audited but not very conclusively).You can remove Domain Admins from the Administrators group and change the Administrator's password (although Group Policy could be used to put it back!)but who is left administer and backup the server?It is possible to restructure AD to provide strict delegation (there will be no-one in Domain Admins) but this is probably not what you want to embark on. "Server Isolation" through IPsec is perhaps another option that maybe more than you'd want to consider, but again someone still needs localaccess to administer the server.Encryption is perhaps your best betbut I have no specific third-party product to suggest (there are plenty). You will also need to ensure the files remain encrypted when on the network being viewed or being copied.