Forum Discussion
matgus
Sep 19, 2022 Copper Contributor
Owner information replaced after synchronization in Onedrive for Business
Can someone please explain why this works? - We are a group of admins that have, or can gain, local admin privileges on Windows PCs in the network. - An admin connects to an Enduser's PC by C$. Finds ...
MikeWWW
Sep 19, 2022 Iron Contributor
The OneDrive sync client is running as the Enduser. If you want a synced file to show as changed by the Admin (in your unexplained but suspicious scenario) then change a shared file in the Admin's account.
You're mixing network file sharing and cloud syncing. What warning are you expecting, and where?
- matgus
Sep 19, 2022 Copper Contributor
Well, suspicious indeed!
Let's say we get a rogue admin and he deletes all files from our CEO's OneDrive. No one would ever know who did this. If I (as an admin) try the same, logged in as admin locally, and then try to open another user's folder, I would get a prompt saying I do not have access. If I assign myself access, this is logged. But when I connect over the network to \\computer\c$ there is no prompt and no logs of this action. This means the admin can add, remove or change any item in any local user folder, have it synchronized to OneDrive or SharePoint without a trace. The poor enduser gets the blame.
So at least it would be good if the prompts were consistent and if this action could be logged the same way as when logged on locally (without having to enable file auditing on all files for all my computers).
- MikeWWW
Sep 19, 2022 Iron Contributor
A rogue admin can do more extensive damage without doing this. If your organisation doesn't have backups or properly implemented ISMS controls then rogue admins can do bad stuff for a long time. OneDrive/SharePoint is *not* a backup in the way that file/disk snapshots are.
- matgus
Sep 19, 2022 Copper Contributor
Yes, but beside my point. We do back up all SharePoint and OneDrive data.
Our Helpdesk admins only have access to local PCs, not any other resources (as admins). But this will create a shortcut into accessing data that they normally would not have access to. At least not by default. And if they did change something it is without any trace.
The Admin could place a malicious PDF file in a SharePoint library and the Enduser would get "blamed" for it.
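On the logging question raised in this thread, an added example (not posted by any participant): with the Windows "Audit File Share" audit subcategory enabled, each connection to a share such as C$ is written to the Security log as event 5140, with no per-file SACLs involved, and the Python below filters exported events for remote connections to administrative shares. The host name, accounts, addresses and events are constructed sample data, and the helper names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Event 5140 records the share as \\*\C$ ; match drive-letter shares and ADMIN$ only.
ADMIN_SHARE = re.compile(r"^\\\\\*\\([A-Z]|ADMIN)\$$", re.IGNORECASE)
LOCAL_ADDRS = {"127.0.0.1", "::1", "-", ""}

def _event(eid, when, user, ip, share):
    """Build one constructed event in the Security log's XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID>'
            f'<TimeCreated SystemTime="{when}"/><Computer>PC-042</Computer></System>'
            f'<EventData><Data Name="SubjectUserName">{user}</Data>'
            f'<Data Name="IpAddress">{ip}</Data>'
            f'<Data Name="ShareName">{share}</Data></EventData></Event>')

# Constructed sample input: one remote C$ connection, one IPC$ connection,
# one local C$ access, and one unrelated event id that must be ignored.
SAMPLE = "<Events>" + "".join([
    _event(5140, "2022-09-19T08:15:02Z", "helpdesk-adm", "10.0.5.23", r"\\*\C$"),
    _event(5140, "2022-09-19T08:16:40Z", "enduser", "10.0.5.77", r"\\*\IPC$"),
    _event(5140, "2022-09-19T08:20:11Z", "enduser", "::1", r"\\*\C$"),
    _event(4624, "2022-09-19T08:21:00Z", "enduser", "10.0.5.77", ""),
]) + "</Events>"

def admin_share_connections(xml_text):
    """Return who connected to an administrative share, from where, and when."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "5140":
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        share, ip = data.get("ShareName", ""), data.get("IpAddress", "")
        if not ADMIN_SHARE.match(share) or ip in LOCAL_ADDRS:
            continue  # ordinary share, IPC$, or access from the machine itself
        hits.append({
            "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "computer": ev.findtext("e:System/e:Computer", namespaces=NS),
            "account": data.get("SubjectUserName", ""),
            "source_ip": ip,
            "share": share,
        })
    return hits

if __name__ == "__main__":
    for hit in admin_share_connections(SAMPLE):
        print(hit)
```

The same function accepts real events exported with `wevtutil qe Security /f:xml /e:Events`; comparing `account` against the workstation's assigned user separates admin-share writes from the end user's own activity.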