1

Suppose I am using Windows authentication for an IIS 7 website.

I do not want anybody on intranet (including the network administrator to access the website yet). Anybody will obviously be prompted for username/password, but my concern is somebody who is monitoring the network with administrative powers can just see what authorized users are entering as username/password and log-in. Apart from SSL, is there any other way?

I will host the IIS on a regular computer on the network and pass around IP of that computer to some intranet people.

TPR
  • 285
  • 1
  • 5
  • 2
    We have better things to do than take a sneak peek at your unfinished website, *provided this is relevant to your job*. If however this is not something you should be doing, it's fair game for me to abuse my domain admin powers to see what you're up to (with HR, obviously). – Ben Pilbrow Jul 09 '11 at 22:08
  • @Ben Pilbrow ... assume third scenario, surprise for the network admin. Wouldn't it give us peace of mind if we knew the network admin would not be able to access it? – TPR Jul 10 '11 at 02:15
  • @progtick You cannot stop a domain admin from getting to it, short of pulling the network cable out of the wall. You can put up barriers against access, but all of them will be defeated by a determined, competent person wielding domain admin rights. – Shane Madden Jul 10 '11 at 03:55

1 Answers1

1

In short, a Domain Administrator can do what they please. If they don't have access to something, they only need to wave their godly Domain Admin wand and give themselves access.

As an aside, I appreciate you are making a surprise for them, however they really should know about it so the website can be factored into backup plans and such. You'd wish you told them after 6 months of work and the day before it goes live, the server died with no backup of your website because the sysadmins didn't know of its existence.

Ben Pilbrow
  • 11,995
  • 5
  • 35
  • 57