How to prevent Domain Admins from being denied access to network folders?

ntfs active-directory windows-server-2003 network-share

Solution 1:

This seems more like a management issue than a technical one. Taking ownership with a script or trying to block the few people that would ever play with permissions is more trouble than I think it would be worth.

In the past, we've made personal folders completely inaccessible to domain admins, but there are inevitably times when people call up and ask "can you check something in my personal directory?"

So we follow a policy that admins have to be able to read everything (with a few exceptions). If we ever come across a folder where someone has blocked admin access, we find out why, explain why we think it's better that we have access, and we change the permissions back to our default. If it happened while we were tracking down a problem, that's why we have the policy: so we could simply take control at the time and sort it out later.

Solution 2:

on option you could deploy is simply hiding the permissions tab through group policy. It won't stop a really creative user, but it will quickly weed out the majority that might tinker around. other that that, there's no need to worry about owenership so long as the admins have full control. As mentioned, you can always take ownership.

Related

Shared Cygwin Install
Enabling APC causes internal server error
CentOS BIND DNS Troubleshooting?
Apache2 Virtual Host broken; displayed default index.html on subdomain, but correct content on www.subdomain
scp and rsync do not work (ssh works)
Populate list of custom view using ListFragment
MYSQL - Turkish character
Access files from network share in c# web app
Android: detect brightness (amount of light) in phone's surroundings using the camera?
Returning non-const reference from a const member function
Getting all possible sums that add up to a given number
OutOfMemoryException when send big file 500MB using FileStream ASPNET