Disabling “Create Site” in SharePoint Online except admins

In SharePoint Online, there is a “+ Create Site” button that allows users to create sites, in our case configured to create them under /sites.

We don’t want end users being able to create sites at this time, only administrators.

In the SharePoint Admin Center, it has a setting “Subsite Creation” with options:

  • Hide the subsite menu command
  • Show the subsite menu command to users who have permission to create sites

1) If I hide this button, it is hidden for EVERYONE, including administrators. How do admins create sites under /sites when this is hidden?

2) When it says “users who have permission to create sites”, where or how is this permission given or taken away? Is this tied to O365 Group creation?

How do you protect against your IT domain admins accessing your data?

I work at a small company and we use an external company to take care of all our IT needs (a “managed IT service provider”). This includes managing our windows domain, our network, and everything else. To do so, they obviously have domain admin rights over all the computers.

Some high-profile employees work with sensitive files and data that we need to be sure no one is able to access or steal.

How can we set up our security so that no one in the IT department is able to access what they should not? Is there a way to guarantee this? Or is it required for the IT admins to be trusted?

In other words, if IT administers our firewall and accounts and security, how can we”police” the police?

Centrally apply a GPO rule to Local Admins

Pardon if someone asked before – tried searching maybe I missed it out.

Anyways, I have to

1a) Set a domain wide policy to Deny Access to this Computer from the Network 1b) Put each computer’s local “Administrator” in that policy

Where I’m stumped is that on the Domain Controller >> Group Policy Management, while changing the policies during the please Select Users and Computers phase, it only displays domain users. Can’t do a scope change either – it only allows searching the local DC, the whole domain, or the forest

I did some research on Restricted Users, sure I can use that tool to overwrite users group memberships but that’s about it, I can’t automate adding / centrally manage each PC’s local admin to the Deny Logon policy.

I’d value any ideas or alternative suggestions to this issue. Might have to explain to management or even go thorough the sticky way of simply doing this as out of the box default for new computers

icacls : create private directory (full control for user and no listing for others except admins)

I would like to create a folder with permissions similar to my home directory. I tried giving myself full control etc. but I managed to get locked out and had to use the takedown tool to be able to delete the directory.

I know Deny permissions take precedence over Allow but that’s about it. This is for Windows Server 2012R2.

Allow Backorder for Admins only Magento 2

Does anyone know how we can setup to allow backorders to happen only for orders placed in the backend admin?

So customers on the frontend store would not be able to place an order for an out of stock item.

Our sales reps need to be able to place orders for products that are out of stock, but not our frontend customers.

Is there an extension that would do this or any help would be greatly appreciated. Thanks.