If this computer belongs to the domain, and the Tech Support is member of
Domain Admin, then there isn't much you can do to limit access from them to
RS on this box. Sure, you can remove whoever in the local admins group. They
can add themself to whatever local group they want to later or any time.
They can even remove you from any local/domain group. If you do not trust
someone for network access to whatever resources n the network/computer, do
not place them into Domain Admins.
[quoted text, click to view] "Harry Leboeuf" <HarryLeboeuf@newsgroups.nospam> wrote in message
news:Oxpfo4tGIHA.3400@TK2MSFTNGP03.phx.gbl...
> My machine is in a domain.
> The local group Administrators had a member that is the Domain Admins.
> Our Tech Support has configured this like that.
>
> Now, in the Home directory i've deleted the BUILTIN\Administrators from
> the users and groups that can access the tree. Even on some directories
> i've deleted that entry as they didn't inherrit security.
> But still a domain admin can see the complete tree.
>
> In the properties of the server the BUILTIN\Administrator is also removed.
>
> Where should i continue, as we don't want the Tech Support to access all
> Reports ...
>
> Kind Regards
> Harry
>
The local Administrators group on the server has admin rights in RS. No way
around this. It sounds like you have the domain admins added to the local
administrators group. Remove the domain admins and just add those who you
want to have admin rights to RS to the local administrators group.
--
Bruce Loehle-Conger
MVP SQL Server Reporting Services
[quoted text, click to view] "Harry Leboeuf" <HarryLeboeuf@newsgroups.nospam> wrote in message
news:Oxpfo4tGIHA.3400@TK2MSFTNGP03.phx.gbl...
> My machine is in a domain.
> The local group Administrators had a member that is the Domain Admins.
> Our Tech Support has configured this like that.
>
> Now, in the Home directory i've deleted the BUILTIN\Administrators from
> the users and groups that can access the tree. Even on some directories
> i've deleted that entry as they didn't inherrit security.
> But still a domain admin can see the complete tree.
>
> In the properties of the server the BUILTIN\Administrator is also removed.
>
> Where should i continue, as we don't want the Tech Support to access all
> Reports ...
>
> Kind Regards
> Harry
>
