Originally Posted by slewis1972
I agree 100% with that, and based on that - what sort of damage can say a domain admin do on a BES with say email infrasturre (as we use it with exchange). Need to cover all the bases before i go in with my argument as most IT staff seem to have domain access. With the BES being pretty darn inportant, I need to get my facts correct as if I can alter the users access on this server, then this may get them to think about everyones access in general.
A Domain Admin can shut down a BES, delete files from the BES, view logs ...
In theory this same Domain Admin could gain access to the SQL server with the BESMgmt database and have access to license data, they could corrupt the database ... pretty much ruin the entire BES environment.